FAST COMPUTATION OF A RATIONAL POINT OF A 
VARIETY OVER A FINITE FIELD 

o 

O ' A. CAFUREi AND G. MATERA^.a 

H ' Abstract. We exhibit a probabilistic algorithm which computes a rational 

^2 • point of an absolutely irreducible variety over a finite field defined by a re- 

duced regular sequence. Its time-space complexity is roughly quadratic in the 
logarithm of the cardinality of the field and a geometric invariant of the input 
system (called its degree), which is always bounded by the Bezout number of 
the system. Our algorithm works for fields of any characteristic, but requires 
pH ' the cardinality of the field to be greater than a quantity which is roughly the 

'^^ , fourth power of the degree of the input variety. 

■3 
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1. Introduction 

Let p be a prime number, let q :— p'' , let F^ be the finite field of q elements and let 
^ ' ¥q denote its algebraic closure. For a given n £ N, let A" denote the n-dimensional 

'^ ■ afline space F endowed with its Zariski topology. Let be given a finite set of 

polynomials Fi, . . . , Fm G F^ [Xi , . . . , X„] and let V denote the affine subvariety of 
A" defined by i^i , . . . , Fm ■ In this paper we consider the problem of computing a 
f^ I g-rational point of the variety V, i.e. a point x g F" such that Fi{x) = holds for 

"Tj- . i = 1, . . . ,m. 

^P I This is an important problem of mathematics and computer science, with many 

(^ ■ applications. It is NP-complete, even if the equations are quadratic and the field 

considered is F2. Furthermore, |SH] shows that determining the number of rational 
points of a sparse plane curve over a finite field is #P-complete. In fact, several 
multivariate cryptographic schemes based on the hardness of solving polynomial 
equations over a finite field have been proposed and cryptoanalyzed (see e.g. [TU]'). 
The problem is also a critical point in areas such as coding theory (see e.g. |13| . 
7_j . EH)) combinatorics ^^, etc. 

C^ I There is not much literature on the subject. In p^, an algorithm computing the 

set of g-rational points of a plane curve over a finite field has been proposed. On the 
other hand, ^31^ and jlOj exhibit algorithms which solve an overdetermined system 
of quadratic equations over a finite field, based on a technique of linearization. 

Algorithms finding rational points on a general variety over a finite field are 
usually based on rewriting techniques (see e.g. ^J, ^3). Unfortunately, such 
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2 A. CAFURE^ AND G. MATERA^'^ 

algorithms have superexponential complexity, which makes them infeasible for re- 
alistically sized problems. Indeed, their most efficient variants (see e.g. j^) have 
worst-case complexity higher than exhaustive search in polynomial equation sys- 
tems over F2 |10| . 

A different approach is taken in |^ , which exhibits an algorithm solving polyno- 
mial systems over a finite field by means of deformations, based on a perturbation 
of the original system and a subsequent path-following method. Nevertheless, the 
perturbation typically introduces spurious solutions which may be computationally 
expensive to identify and eliminate in order to obtain the actual solutions. Fur- 
thermore, the algorithm is algebraically robust or universal in the sense of 26; and 
[H|, which implies exponential lower bounds on its time complexity. 

In the case of polynomial equation solving over the complex or real numbers, the 
series of papers |2ni,|ll|,|ini,|IHl,|2I],E],El (see also EH, ES!, EZl) introduces 
a new symbolic elimination algorithm. Its complexity is roughly the product of 
the complexity of the input polynomials and a polynomial function of a certain 
geometric invariant of the input system, called its degree. Let us observe that the 
degree is always bounded by the Bezout-number of the input system and happens 
often to be considerably smaller. 

Our intention is to develop a new family of elimination algorithms for polynomial 
equation solving over finite fields of the type above. For this purpose, and as a first 
step towards this aim, in this article we exhibit a new probabilistic algorithm which 
solves a critical problem of effective elimination over finite fields: the computation 
of a rational point of an Fg -definable absolutely irreducible variety. Our main result 
is summarized in the following theorem (see CoroUarv 16.41 for a precise complexity 
statement): 

Theorem. Let 71 > 3 and d > 2. Let Fi, . . . ,Fr G Fq[Xi, . . . , Xn] be polynomials 
of maximum degree d which form a regular sequence of ¥q[Xi, . . . ,Xn\. Suppose 
that Fi, . . . , Fs generate a radical ideal of ¥q[Xi, . . . , Xn] for 1 < s < r and let 
Vs '■— V{Fi, . . . , Fs) C A". Let S :~ maxi<s<r degT^. Let he given a straight-line 
program in ¥q[Xi, . . . , X„] using space S and time T which represents Fi, . . . , Fr. 
Suppose further that V := Vr is absolutely irreducible and q > Sn'^dS* holds. Then 
there exists a probabilistic algorithm which computes a q -rational point of V with 
space 0~[SS^ log q) and time 0~{TS^ log q) . 

(Here 0~ refers to the standard Soft-Oh notation which docs not take into 
account logarithmic terms. Further, we have ignored terms depending on n and d.) 

The complexity estimate of our algorithm is polynomial in the degree of the 
system 8 mentioned above and the logarithm of q. Therefore, taking into account 
the worst-case estimate S < D -.^ Y[i=i '^^si^i) ' ^^ conclude that our algorithm 
achieves, for the first time in polynomial equation solving over finite fields, a com- 
plexity polynomial in the Bezout number D and log q. In particular, our complexity 
result exponentially improves the rf'^^" ^ log ^ 'q worst-case estimates of J2H1 and 
Grobner solving algorithms. 

In the above statement we assume that the input polynomials -Fi , . . . , -F,. form 
a reduced regular sequence, i.e. Fi, . . . ,Fs generate a radical ideal for 1 < s < r. 
Let us remark that this hypothesis can be easily recovered from a regular sequence 
generating a radical ideal by a generic linear combination of the input polynomials 
(see e.g. [221 Proposition 37]). Furthermore, using techniques inspired in |SE1, |SI] 
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it is possible to extend our algorithm to arbitrary polynomial equation systems over 
¥q defining an absolutely irreducible variety (this extension shall be considered in 
a forthcoming work). 

Our algorithm may be divided into three main parts. The first part is a pro- 
cedure which has as input a reduced regular sequence Fi, . . . ,Fr G Fg [Xi , . . . , Xn] 
and outputs a complete description of the generic point of the input variety V :— 
V{Fi, . . . ,Fr). Such a description is provided by a K~definable generic linear projec- 
tion TTr : V^ — *■ A"^'' and a parametrization of an unramified generic fiber 7r~^(p(''^), 
where K is a suitable finite field extension of F^ (cf. Sections 12.11 12. 2|) . 

In Section^we describe this (recursive) procedure, which proceeds in r — 1 steps. 
Its s-th step computes a complete description of the generic point of Vs+i := 
V{Fi, . . . ,Fs+i), which is represented by an unramified fiber 7r^]^(P^*^^'') of a 
finite K-definable linear projection tTs+i : Vs+i -^ A"~^~^. For this purpose, 
in Section f4.1l the unramified fiber 7r7^(P'^*') of the previous step is "lifted" to 
a suitable curve Wp(s+i), contained in Vg := V{Fi, . . . ,Fs), whose intersection 
with the hypersurface defined by Ps+i yields a complete description of the fiber 
7r^]^(P'^'^^-'). This intersection is computed in Sections 14.21 and 14.31 

In the second part of our algorithm (Section O, we obtain an F, -definable de- 
scription of the generic point of V. For this purpose, we develop a symbolic ho- 
motopy algorithm, based on a global Newton-Hensel lifting, which "moves" the 
K~definable finite morphism tt^ : K- — > A"^*" and the K-definable generic un- 
ramified fiber 7T~^{P^'^') previously obtained, into an Fq-definable finite morphism 
IT : V ^ A"~'' and an F^ -definable generic unramified fiber 7r^^(P). Combining this 
procedure with an effective version of the first Bertini theorem, in the third part of 
our algorithm we obtain an absolutely irreducible plane F^ -curve C with the prop- 
erty that any g-rational smooth point of C immediately yields a g-rational point of 
the input variety V (see Sectional). Then, in Section I^TI we compute a g-rational 
point of the curve C with a probabilistic algorithm which combines the classical 
Weil's estimate and a procedure based on factorization and gcd computations. 

A critical point of our algorithm is the a priori determination of the linear 
projections tTs and the points P*^"-* for 1 < s < r. In Section |31 we show that this 
data can be generically chosen and obtain explicit estimates on the degrees of the 
polynomials underlying this genericity condition (improving significantly previous 
estimates). Therefore, using the Zippel-Schwartz test (see [^11], |S3 and Section 
12. 3|) we may randomly find such linear projections and points with high probability 
of success. 

Let us remark that our algorithm does not impose any restriction on the charac- 
teristic p > 0, but requires the cardinality q of the field F^ to satisfy the condition 
q > Sn'^dSf, where Sr is the degree of the variety V. Nevertheless, it is clear that our 
algorithm cannot work unless there exists at least one rational point of the input 
variety V. Since the existence of a rational point of an absolutely irreducible vari- 
ety over ¥q of degree 5r cannot be asserted (up to the authors's knowledge) unless 
q > 26* holds, we see that our condition on q comes quite close to this "minimal" 
requirement. 

Finally, we observe that our algorithm can be efficiently extended to the case 
of an Fq -definable variety V with an absolutely irreducible Fq -definable component 
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of dimension equal to dim V. On the other hand, extensions to the general case 
of an arbitrary variety over ¥q are likely to produce a significant increase of the 
time-space complexity of our algorithm (see |28|'). 

2. Notions and notations. 

We use standard notions and notations of commutative algebra and algebraic 
geometry as can be found in e.g. [3Sj, [S], EH- 

Let ¥q and ¥q denote the finite field of q elements and its algebraic closure re- 
spectively, and let K be a subfield of Fg containing F^. Let Xi, . . . ,Xn be in- 
determinates over K and let K[Xi, . . . , Xn] denote the ring of n-variate polyno- 
mials in the indeterminates Xi, . . . , Xn and coefficients in K. Let T^ be a K- 
definable affine subvariety of A" (a K-variety for short). We shall denote by 
I{V) C K[Xi, . . . ,Xn] its defining ideal and by K[T^] its coordinate ring, namely, 
the quotient ring K[V] := K[Xi, . . . , Xn]/I{V). 

If V is irreducible as a K-variety (K-irreducible for short), we define its degree 
as the maximum number of points lying in the intersection of V with an afhne 
linear subspace L of A" of codimension dim(y) for which #(y n L) < oo holds. 
More generally, if y = Ci U • • • U C/i is the decomposition of V into irreducible 
K-components, we define the degree of V as deg(y) := X]i=i deg(Ci) (cf. |211)- In 
the sequel we shall make use of the following Bezout inequality (|21|; see also |lti)): 
if V and W are K-subvarieties of A", then 

(2.1) deg(y r\W)< deg V deg W. 

A K-variety V C A" is absolutely irreducible if it is irreducible as F^ -variety. 

2.1. Geometric solutions. In order to describe the geometric aspect of our pro- 
cedure we need some more terminology, essentially borrowed from |18j . Let us 
consider an equidimensional K-variety W C A" of dimension m > Q and degree 
deg W, defined by polynomials i^i , . . . , F„_m G K [Xi , . . . , X„] which form a regular 
sequence. A geometric solution of W consists of the following items: 

• a linear change of variables, transforming the variables Xi, . . . , Xn into new 
ones, say Yi, . . . , Y^ with the following properties: 

— the linear map tt : W ^ A™ defined by Yi , . . . , Y^ is a finite surjective 
morphism. In this case, the change of variables is called a Noether nor- 
malization of W and we say that the variables Yi, . . . ,Yn are in Noether 
position with respect to W, the variables Yi, . . . , F,„ being free. The 
given Noether normalization induces an integral ring extension Rm '■— 
FJYi,...,r„] ^ fq[W]. Observe that fq[W] is a free i?™-module 
whose rank we denote by rank/j^Fg[iy]. Notice that rank/j,„Fq[iy] < 
deg ly (see e.g. M) andl,[W^] ^ ¥q[Xi, . . . ,X„]/(Fi, . . . ,i^™_„) hold. 

— the linear form Ym+i induces a primitive element of the ring extension 
R„i ^^ Fg[M^], i.e. an element ym+i 6 ^q\W] whose (monic) minimal 
polynomial (7'^™) e Rm\T] over Rm satisfies the condition degT^q*^"'-' = 
rankfl,,,^Fg[iy]. Observe that we always have degg'™^ = degj^ g'™^ < 
deg ly. 

• the minimal polynomial g'™' of 2/m+i over Rm. 

• a generic ^^parametrization" of the variety W by the zeroes of q^™', of the 
form (ag(™)/ar)(r)i;„+2-«i7^^2(T), . . . , (ag(™)/aT)(r)K„--z;i")(T) with 
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v';^^^,...,vi"'^ e R,n[T]. We require that deg^, z;^+^ < degr(g(")) and 

{dq^"''>/dT){Yra+i)Y„,+j - v';';i%{Yra+i) G (Fi, . . . , F„_„) hold for 2 < J < 
n — m. Observe that this paranietrization is unique up to scahng by nonzero 
elements of F^. 

Observe that in the case that VF is a zero-dimensional variety, a linear form Yi 
is a primitive element of the ring extension F^ ^^ ¥q [W] if and only if it separates 
the points of W, i.e. Yi{P) ^ Yi{Q) whenever P and Q are distinct points of W. 

Let us here remark that this notion of "geometric solution" has a long history, 
which goes back at least to L. Kronecker |S1] (see also 001; EHl)- One might 
consider [5] and |17| as early references where this notion was implicitly used for 
the first time in modern symbolic computation. 

2.2. Lifting points and lifting fibers. Let us consider as in the previous section 
an TO-dimensional K-variety W and a Noether normalization tt : W ^ A™. We 
call a point P := (pi, . . . ,Pm) G A™ a lifting point of tt if tt is unramified at P, 
i.e. if the equations Fi = 0, . . . , -P,i-m — 0, Yi — pi, . . . ,Y„i — Pm define the fiber 
7r~^(P) by transversal cuts. We call the zero-dimensional variety Wp := 7r^^(P) 
the lifting fiber of the point P. 

Suppose that there is given a geometric solution of W as in the previous section, 
and a lifting point P of tt not vanishing the discriminant of the polynomial q^"^' 
with respect to the variable T. Then the given geometric solution of the variety 
W induces a geometric solution of the lifting fiber Wp. This geometric solution 
of Wp is given by the linear forms Fm+i, . . . ,F„, the polynomial q^"^\P,T) and 
the parametrization [dq^'^y dT){P, T)Ym+2 - w^+zC^. T),..., {dq'^'^y dT){P, T)Yn - 
Vn \P, T). We call such a geometric solution of W compatible with the lifting point 



Let us observe that tt is unramified at a given point P G A™ if and only if 
J{x) ^ holds for any x G 7r^^(P), where J G Fg[Xi, . . . , X,-^ denotes the Jacobian 
determinant of Yi, . . . , Ym, Pi, ... , Pm with respect to the variables Xi, . . . , X„. 
Furthermore, 021 Proposicion 28] shows tt is unramified at P G A'" if and only if 
the condition ffTr^^{P) = degW holds. 

For 1 < j < TO — n, let P,(Yi, . . . , Y„) denote the element of Fg[Yi, . . . , Y„] 
obtained by rewriting Fj{Xi, . . . , X„) in the variables Yi, . . . , Y„. The following 
result, probably well-known, is included here for lack of a suitable reference: 

Lemma 2.1. Let notations and assumptions be as above. Suppose that n is unram- 
ified at a point P G A™. Then the Jacobian matrix {dFj / dYn-k+i)i<j.k<n-m{x) is 
nonsingular for any point x G 'r:~^{P). 

Proof. Let Wp := 7r^^(P), let tt : Wp -^ A"^'" be the projection morphism 
defined by the hncar forms Y^+i, . . . , Y„ and let tt* : Fg[Ym+i, . . . , Y„] ^ Fg[Wp] 
denote the corresponding morphism of coordinate rings. Let Ip denote the ideal 
of ¥q[Y,n+i, ■■■,Yn] generated by the polynomials Fj{P, Y^+i, . . . , Y„) for 1 < j < 
m ~ n. We claim that Ip equals the kernel of the morphism tt* . Indeed, it is clear 
that the ideal Ip is included in the kernel of the morphism tt*. On the other hand, 
let P G ¥q[Ym+i, . . . ,Yn] Satisfy the condition 7r*(P) = 0. This implies that P, 
considered as an element of Fq[Xi, . . . , X„], vanishes on any point of the fiber Wp. 
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This implies that the foUowing relation holds: 

(2.2) F e (n - pi, . . . , r™ - p™, Fi(ri, . . . , y„), . . . , F„_„(ri, . . . , y„)) . 

Specializing the variables Yl , . . . , Ym into the values pi , . . . , Pm in H2.2|l we conclude 
that F G Ip holds. 

From the claim and the fact that tt* is surjective we deduce the existence of an 
isomorphism of Fg-algebras: 

F,[ri, . . . , Yn]/{Fi{P, Ym+l, . . . , r„), . . . , Fn-,niP, Yn+1, ■ ■ ■ ,Yn)) ^ %[Wp]. 

This shows that the ideal Ip is radical. Since Wp is a zero-dimensional variety, 
from e.g. ^1 Chapter 4, Corollary 2.6] it follows that Wp is a smooth variety. 
Therefore, applying the Jacobian criterion finishes the proof of the lemma. D 

2.3. On the algorithmic model. Algorithms in elimination theory are usually 
described using the standard dense (or sparse) complexity model, i.e. encoding 
multivariate polynomials by means of the vector of all (or of all nonzero) coef- 
ficients. Taking into account that a generic n-variate polynomial of degree d 
has ( ^"') = 0{d"-) nonzero coefficients, we see that the dense or sparse repre- 
sentation of multivariate polynomials requires an exponential size, and their ma- 
nipulation usually requires an exponential number of arithmetic operations with 
respect to the parameters d and n. In order to avoid this exponential behavior, 
we are going to use an alternative encoding of input, output and intermediate re- 
sults of our computations by means of straight-line programs (cf. [53] , [5^1 , E3 j 
[Sj). A straight-line program (3 in K(Xi, . . . , Xn) is a finite sequence of rational 
functions {Fi, . . . , Fk) G K(Ari, . . . , Xn)'^ such that for 1 < i < A:, Fi is either an 
element of the set {Xi, . . . ,Xn}, or an element of K (a parameter), or there ex- 
ist 1 < ii,i2 < « such that Fi = Fi^ o^ Fi^ holds, where o^ is one of the arithmetic 
operations -f , — , x, ~. The straight-line program (3 is called division-free if Oj is 
different from ^ for \ <i <k. Two basic natural measures of the complexity of 
(3 are its space and time (cf. j^l, |46|'). Space is defined as the maximum number 
of arithmetic registers used in the evaluation process defined by /3, and time is 
defined as the total number of arithmetic operations performed during the evalua- 
tion. We say that the straight-line program f3 computes or represents a subset S 
of K(Xi, . . . , X„) if 5 C {Fi, . . . , Fk} holds. 

Our model of computation is based on the concept of straight-line programs. 
However, a model of computation consisting only of straight-line programs is not 
expressive enough for our purposes. Therefore we allow our model to include de- 
cisions and selections (subject to previous decisions). For this reason we shall also 
consider computation trees, which are straight-line programs with branchings. Time 
and space of the evaluation of a given computation tree are defined analogously as 
in the case of straight-line programs (see e.g. 1^1], [HI for more details on the notion 
of computation trees) . 

A difficult point in the manipulation of multivariate polynomials over finite 
fields is the so-called identity testing problem: given two elements F and G of 
K[A"i, . . . , X„], decide whether F and G represent the same polynomial function on 
K". Indeed, all known deterministic algorithms solving this problem have complex- 
ity at least (#K)^(^). In this article we are going to use probabilistic algorithms to 
solve the identity testing problem, based on the following result: 
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Theorem 2.2 (|SHli 0E1)- Let F be a nonzero polynomial of ¥q[Xi, . . . ,Xn] of 
degree at most d and let K be a finite field extension of ¥q . Then the number of 
zeros of F in K" is at most d{ff^K)"^^ . 

For the analysis of our algorithms, we shall interpret the statement of Theo- 
rem |^3 in terms of probabilities. More precisely, given a fix nonzero polynomial F 
in Fg[J'('i, . . . , Xn] of degree at most d, from Theorem 12. 21 we conclude that the prob- 
ability of choosing randomly a point a S K" such that F{a) ~ holds is bounded 
from above by d/#K (assuming a uniform distribution of probability on the ele- 
ments of K"). 

3. On the PREPARATION OF THE INPUT DATA 

From now on, let n > 3 and d > 2, and let be given polynomials Fi, . . . ,Fr £ 
¥q [Xi , . . . ,Xn] of maximum degree d, which generate a radical ideal of F^ [Xi , . . . , Xn] 
and form a regular sequence of ¥q [Xi , . . . , Xn] ■ Suppose further that Fi, . . . ,Fs 
generate a radical ideal for 1 < s < r — 1 and Vr := V{Fi, . . . , Fr) is absolutely 
irreducible. 

In the sequel we shall consider algorithms which "solve" symbolically the (input) 
equation system Fi = 0, . . . , F^ = over ¥q. As in J^l and JJHIj we associate to the 
equation system Fi — 0, . . . , Fr — a parameter S, called the (geometric) degree of 
the system, which is defined as follows: for 1 < s < r, let Vg C A" be the Fq -variety 
defined by Fi, . . . ,Fs and let Sg denote its degree. The geometric degree of the 
system i^i = 0, . . . , -F^ = is then defined as S := maxi<s<r i5s- 

In this section we are going to determine a genericity condition underlying the 
choice of a simultaneous Noether normalization of the varieties Vi, . . . ,Vr and lifting 
points P^**^ G A""** {^ < s < r) such that, for 1 < s < r — 1, the lifting fiber 
Vp{B+i) has the following property: for any point P G Vp{s+i), the morphism tTs 
is unramified at tTs(P). By a simultaneous Noether normalization we understand 
a linear change of variables such that the new variables Yi, . . . ,Yn are in Noether 
position with respect to Vs for 1 < s < r. Finally, we are going to find an afhne 
linear subspace L of A" of dimension r + 1 such that V,- n L is an absolutely 
irreducible curve of A" of degree 6r- 

3.1. Simultaneous Noether normaUzation. It is well-known that a generic 
choice of linear forms Yi , . . . , y„ yields a simultaneous Noether normalization of 
the varieties Vi, . . . ,Vr. In order to prove the existence of a simultaneous Noether 
normalization defined over a given finite field extension of ¥q we need suitable 
genericity conditions. The following proposition yields an upper bound on the 
degree of the genericity condition underlying the choice of such linear forms. 

Proposition 3.1. Let us fix s with I < s < r. Let A := (Ay)i<i<„_s-|_i.i<j<„ be 
a matrix of indeterminates, let A''-* := (A^i, . . . , Ai„) for l<i<n — s+1 and 
let F := (Fi, . . . ,Tn-s+i) be a vector of indeterminates. Let X := {Xi, . . . ,Xn) 
and let Y :— AX + F. Then there exists a nonzero polynomial As G Fg[A, F] of 
degree at most 2{n — s + 2)S^ such that, for any (A, 7) G a("~''+-^)" x A"""*"*"^ with 
As(A,7) ^ 0, the following conditions are satisfied: 

(z) Let Y :— XX -I- 7 :== (Yi, . . . , Yn-s+i)- Then the mapping tTs : Vg ^ A""'* 
defined by Yi, . . . , Yn-s is a finite morphism. 
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(a) The linear form Yn^s+i induces a primitive element of the integral ring 
extension Rs := Fg[Yi, . . . , Y„-s] '^ %[Vs]- 

Proof. Let us consider the following niorphism of algebraic varieties: 

$; A^^-'+i)" X A^-^'+i X y, -^ A("-''+i)" X A"-"+i X A"-*+i 
(A,7,a;) i-> (A, 7, Ax + 7) 

Using standard facts about Chow forms (see e.g. |SJ, [7], [3^1), we deduce that 
Im{<^) is a hypersurface of a("^''+^)" x A"^''+^ x A"~''+^, defined by a square- 
free polynomial Py^ G Fq[A, F, Yi, . . . , y„_s+i] which satisfies the following degree 
estimates: 

• degyPv, = degY^_^^^Pv, = 5s, 

• deg^(i) Y-.Pvs ^ 5 s for l<i<n — s + 1. 

Let ^i^s G Fg[A, F] be the (nonzero) polynomial which arises as coefficient of 
the monomial Y^^Ls+i in the polynomial Py^ , considering Py^ as an element of 
Fg[A,F][y]. The above estimates imply degAi^g < [n — s + 1)5 s- Let ^i^^ e 
Vq [A*^*^ , Fi : 1 < i < n — s] be a nonzero polynomial arising as coefficient of a 
monomial of Ai^s, considering Ai,s as an element of Fg[A(*-',Fi : 1 < i < n — 
s][A("-^+i),F„„^+i]. 

Let (A*, 7*) e A^"-'*)" X A"-'' be any point for which Ai^s(A*,7*) ^ holds, 
and let Y :— (Yi, . . . , F„_s) := A*Ar + 7*. We claim that condition {i) of the state- 
ment of Proposition EH) holds. Indeed, since Al,. := Ai^s(A*,7*, A(""''+i\F„_s+i) 
is a nonzero element of Fq[A''"~'*+^-',F„_s+i], we deduce the existence of n ¥q- 
linear independent vectors wi, . . . , w„ G A" and values ai, . . . , a„ g A^ such that 
A\ ^{wj^ttj) 7^ holds for 1 < j < n. Let i.j :— WjX + Oj for I < j < n. By 
construction, for 1 < j < n the polynomial Py^ (A*,7*, Wj, a_,, li, . . . ,y„_s,£j) is 
an integral dependence equation for the coordinate function induced by ij in the 
ring extension Rs ^-> Fg[T4]. Since ¥q[£i, . . . , In] — ¥q[Xi, . . . , Xn], we conclude that 
condition (i) holds. 

Furthermore, since ¥q[A,T,Y]/{Pv,) is a reduced Fg -algebra and ¥q is a per- 
fect field, from I4]J Proposition 27. G] we conclude that the (zero-dimensional) 
F,(A, F, Fi, . . . , X,_,)-algebra F,(A, F, fi, .^. , Y„^s)[Yn-s+i]/iPvJ is reduced. This 
implies that Py^ is a separable element of ¥q{A, F, Yi, . . . , Yn-s)[Yn-s+i] and hence 
Py^ and dPyJdYn-s+i are relatively prime in ¥q{A, F, Yi, . . . , Y„_s)[5ri-s+i]- Then 
the discriminant 

(3.2) Ps ■.^ReSy^_^^^{Py^,dPyJdYn-s+l) 

of Py^ with respect to Y„_s+i is a nonzero element of Fq[A, F, Yi, . . . , Y„_s] which 
satisfies the following degree estimates: 

• degy.^^ y.^_^ Ps < {2Ss - l)5s. 

• degj^(i) p. Ps < {25s — l)5s for 1 < i < n — s + 1. 

Let pi^s G ^^^[■'^jr] a nonzero coefficient of a monomial of ps, considering ps as 
an element of Fq[A,F][Yi, . . . , Y„_s], and let As := pi^sAi^s- Observe that degA^ < 
2(n-.s+2)(52 holds. Let (A, 7) G A("-''+i)"xA"-''+i satisfy the condition ^( A, 7) ^ 
0, let Y := AX -1-7 and denote by (A*, 7*) G A^"-")" x A""^ be the matrix formed 
by the first n — s rows of (A, 7). Let p* be the polynomial obtained from ps by 
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specializing the variables A^*^ Fi {1 < i < n — s) into the value (A*, 7*). Then p* is a 
nonzero element of Fq[A^"~''+^\ r„_s+i, Yi, . . . , Yn^s\ which equals the discriminant 
of Pv,(A*, A("-'*+i),7*,r„_^+i,Fi, . . . ,r„_,,r„_s+i) with respect to ?„_«+!• It is 
clear that condition (?) holds. We claim that condition {ii) holds. 

Let ^1, . . . , ^„ be the coordinate functions of Vg induced by Xi, . . . , Xn, let Qi := 
J2]=i ^i.j^j +Jiiorl<i<n~s and let F„_s+i := J2]=i An-s+ij^j + r„_s+i. 
From the properties of the Chow form of Vg we conclude that the identity 

(3 3) = PyiA*,A("-^+l),7*,F„_,+i,Cl, . . . ,Cn-sX-s+l) 

^ ■ ' -Py,(A*,A("-^+i),7*,F„_,+i,Ci, . . . ,C„-., A„_,+i4a+ • ■ • +A„_,+i,„en) 

holds in l,[A("-^+i',F„_s+i] ®F^ F,[V;]. Following e.g. [T] or gH], from 123 we 
deduce that the following identity holds in ¥g[A'-"--^+^\r„_s+i] «)= ¥q[Vs] for 1 < 
k < n: 

(3 A) (^^v./5r„_,+i)(A*,A("-^+i),7*,F„_3+i,Ci,...,Cn-.,?„-.+iKfc + 
■ +(9Py,/9A„_,+i,fc)(A*,A("-^+i),7*,F„_,+i,Ci,...,Cn-.,?„-.+i)=0. 

Since p*(A("^''+^\F„_s+i, Yi, . . . , y„_s) is the discriminant of the polynomial 
Pv^(A*,A("-"+i),7*,F„_,+i,ri,...,r„_^,r„_,+i) with respect to K„_,+i,^it can 
be written as a linear combination of Py^(A* A("^'*+^),7*r„_<;+i,Fi, . . . , Y,i^s,Yn-s+i) 
and (9PvJ9i;,_,+i)(A*,A("-^+i),7*,F„_,+i,Fi,...,y„_„f„_,+i). Combining 
this observation with (|3.3() and (|3.4(l we conclude that 

.„,. p:(A("-^+i),F„„,+i,ci,...,Cn-.)a+ 

^ ■ ^ +Pfe(A("-^+i),F„_,+i,Ci,...,C«-s,?„-.+i)-0 

holds, where Pj. is a nonzero element of Fg[A("^''+^\ F„_s+i, Zi, . . . , Zn-s+i] for 1 < 
k < n. Specializing identity l|3.5|) into the values An-s+i,j '■= Ki-s+i.j (1 < J < n) 
and F„_s+i = jn-s+i for 1 < fc < n, we conclude that Yn-s+i induces a primitive 
element of the F, -algebra extension ¥q{Yi, . . . , Yn-s) ^-> Fq(Yi, . . . , Yn-s) ®f IP^i^s]- 
Condition (i) implies that Fg[K;] is a finite free Rg :— ¥q[Yi,. .. , l^_s]-module 
and hence Fq(Yi, . . . , Yn-s) ®f ^q[Vs] is a finite-dimensional ¥q{Yi, . . . , l^i_s)-vector 
space. Furthermore, the dimension of Fg(Fi, . . . ,y„_s)(g)= Fg[T4] as Fg(Yi, . . . , Yn-s)- 

vector space equals the rank of Fg[ys] as P^-module. On the other hand, since Rg 
is integrally closed, we have that the minimal dependence equation of an arbirtrary 
element / G Fq[ys] over ¥q{Yi, . . . ,Yn-s) equals the minimal integral dependence 
equation of / over Rs (see e.g. |35l Lemma IL2.15]). Combining this remark 
with the fact that F„_s+i induces a primitive element of the Fg -algebra extension 
¥q{Yi, ..., Yn-s) =-> ¥q{Yi, ..., Yn-s)<E>f¥q[Vs], wc couclude that Yn-s+i also induces 

a primitive element of the F^-algebra extension Rs ^-> 1F5[T4]. This shows condition 
(ii) and finishes the proof of the proposition. D 

3.2. Lifting fibers not meeting a discriminant. Our second step is to find 
lifting points p(-^+i' g A"^**^^ for < s < r — 1 such that the corresponding 
lifting fiber Vp(s+i) has the following property: for any point P S Vpcs+i), the 
morphism ttc, is unramified at ns{P). With this condition we shall be able to find 
a geometric solution of the variety Vs such that no point P £ Vp{B+i) annihilates 
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the discriminant of the corresponding minimal polynomial g'"' , which in turn will 
allow us to avoid dealing with multiplicities during the computations. 

For this purpose we need the following technical result, which is a slightly sim- 
plified version of 1271 Lemma 1 (Hi)] with an improved degree estimate. 

Lemma 3.2. With notations and assumptions as above, let us fix s with 1 < s < r. 
Let As be the polynomial of the statement of Proposition \3.1\ and let be given a 
polynomial H S Fq[A, r,X] of degree at most D. Suppose that the Zariski closure 
Vs of the set (a("-''+i)" x A"-*+i x Vs) n {H ^ 0, A,, j^ 0} satisfies the condition 
dim Vs < (n — s + l)(n + 2) — 2. Then the Zariski closure of the image of Vs 
under the morphism $* : a("-"+i)" x A"-"+i x X^ ^ ^(n-s+i)™ ^ A"~"+i x A""" 
defined by $*(A,7.a;) :— (A, 7, A* a; + 7*) is empty or is contained in a hypersurface 
gj:^{n-s+i)n ^ j^n-s+1 ^ ^n-s ^j ^g^^gg ^^ ^^^^ 2(n - s + 2)06'^^ (here X* and 7* 
denote the first n — s rows of A and 7 respectively) . 

Proof. We use the notations of the proof of Proposition |^2 Since the Chow form 
Pv^ of the variety Vg is a separable element of ¥q{A,r,Yi, . . . ,Yn-s)[Yn-s+i], we 
conclude that dPyJdYn-s+i is not a zero divisor of Fq[A,r, y]/(PyJ, and hence of 
the Fg-algebra Fg[A,r] ®-g ¥q[Vs]. Arguing as in the proof of identity (j3.4(l . we see 
that the following identity holds in Fg[A, T] i^if %[Vs]: 

(3.6) {dPvJdYn-s+i){A,T,Y)^k + {dPvJdA„^s+iM)i^,r,Y) = 0, 

where F := A^ + F and ^ := (^1, . . . , ^„) is the vector of coordinate functions of Vg 
induced by X. 

Let H G Fq[A,F, y] be the polynomial obtained by replacing in H the variable 
A^fe by —{dPvJ dYn^s+i)^^ {dPvs / dAn~s+i,k) for 1 < fc < n and clearing denomi- 
nators. Observe that degj. H — degj. H < D6s and degy^^ r^ < [n — s + l)D5s 
holds. 

Let R := Res^ _ (Py^ ,H) e Fq[A, F, Yi, . . . , y„_s] be the resultant of Py^ and 

H with respect to the variable Yn~s+i- Observe that the Sylvester matrix of Py^ 
and iJ is a matrix of size at most [D + l)5s x (I? + l)5s with at most D5s columns 
consisting of coefficients of Py^ or zero entries, and at most 5s columns consisting of 
coefficients of iJ or zero entries. This shows that degi? < 2{n — s + 2)D6l holds. On 
the other hand, from identity H3.6|) and the properties of the resultant we conclude 
that i?(A, F, Yi, . . . , Yn-s) vanishes on the variety Vs- Furthermore, the assumption 
dim Vs<{n-s + \){n + 2) - 2 implies R{K, F, Fi, . . . , ?„_«) ^ 0. This finishes the 
proof of the lemma. D 

Now we are ready to prove the main theorem of this section. This result states 
an appropriate bound for the degree of a certain polynomial, whose nonvanishing 
expresses a suitable genericity condition for the coefficients of the linear forms 
Yi, . . . ,Yn and the coordinates of the lifting points p(*+i) (1 < s < r — 1) we 
are looking for. Let us remark that a similar result, with higher degree estimates, 
is proved in [271 Theorem 3] for a Q-definable affine equidimensional variety of 
C". Unfortunately, the proof of [271 Theorem 3] makes an essential use of the fact 
that the underlying variety is defined over Q and therefore cannot be used in our 
situation. On the other hand, we obtain a significant improvement of the degree 
estimates of [23 Theorem 3], which is a critical point for our subsequent purposes. 
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Theorem 3.3. Let notations be as in Provosition XS. 1\ and let us fix s with 1 < s < r. 



Then there exists a nonzero polynomial Bg G Fg[A, F, Yi, 
4(n — s + ?>)'^nd5l5lj^i, such that for any (A,7, P) £ A 
with Bs{X,^,P) i^ the following conditions are satisfied: 



, Yn-s], of degree at most 



(n — s+l)n 



I n — s+1 



(j) Let Y :— (Yi, . . . , Yn-s+i) '■— XX + 7. Then the mapping tTs '■ Vs ^ 
defined by tTs{x) := (Yi{x), . . . ,Yn^s{x)) is a finite morphism, P G 
is a lifting point o/tTs and Yn-s+i is a primitive element of Tr^^{P). 



{a) Let P* G A'^ 



he the vector that consists of the first n — s — 1 coordinates 



{Hi) 



of P. Then the mapping tTs+i '■ Vg+i -^ A" " defined by 7rs+i(a:) := 
(Yi{x), . . . ,Yn^s-i{x)) is a finite morphism, P* is a lifting point of tTs+i 
and Yn-s is a primitive element of n~^j^{P*). 

Any point Q G 7Ts(TrJ_^_i{P*)') is a lifting point of tTs and Yn-s+i is a prim- 
itive element of ttJ^{Q) for any Q G tTs(tt'^_^_^{P*)) . 



Proof. Let A^ and Ag+i be the polynomials obtained by applying Proposition l3.1l to 
the varieties Vs and l^+i respectively. Let Ds,Ds+i G Fg[A, r,X] be the following 
polynomials: 



D, := det 



/ Ai 



A„_s,i 

dFi 
dXi 



V dXi 



Ai,„ \ 



A, 



n — s^n 
dXr, 



OF, I 
dX„ ' 



Ds+i ■■= det 



/ ^1. 



A,i-s-i.i 

dFi 
dXi 



OF,. 



9X1 



Ai,„ \ 



-^^n— s— 1/ 
dFi 

ax„ 



dF, 



ax. 



^ J 



We claim that the Zariski closure of the set (A("-^+i)" x A"-"+i x Vs) n {£>« = 



0, As ^ 0} is empty or an equidimensional affine subvariety of A^" «+!)" x A"" 



s+l , 



of dimension (n 



l){n- 



2. 



In order to prove this claim, let Vs = Ci U • • • U Ct be the decomposition of 



Vs into irreducible components. Then we have that 
U*^, A("^^+i)" X A"-"+i X C, is the decomposition of j 



\{n—s-\-l)n 
(n— s+l)n V 



X V, into 



\n—s+l 



irreducible components. Let 



(n — s+l)n 



\ n — s+l 



X C be any of these irreducible 



components and let a; G C be a nonsingular point of Vs- Then Z?s(A, x) 7^ 
holds and therefore there exists A G a("^''+^^" such that Z?s(A,x) 7^ holds. This 
shows that there exists a point (A, 7,0:) G a("^*+^^" x A"^^+-'^ x C not belonging 
to the hypersurface {Dg — 0}. On the other hand, Ds(0,a;) = holds for any 
X G Vs^ where represents the zero matrix of A'^"^'*+^^". This proves that {Ds = 



n— s+l)n 



V ra — s+l 



X Va) is an equidimensional variety of dimension in 



(n — s+l)n 



\ n — s+l 



0} n (A( 

s + l)(n + 2) — 2 and hence the Zariski closure of the set 

Vs) C\ {Ds = 0, As ^ 0} is either empty or an equidimensional variety of dimension 

(n — s + l)(?i + 2) — 2. This shows the claim. 

The same argument mutatis mutandis shows that the Zariski closure of the set 
(A("~*'" X A"~* X Vs+i) n {-Ds+i = Q,As+i 7^ 0} is empty or an equidimensional 
affine subvariety of A^"^'*^" x A"^'* x A" of dimension (n — s)(n + 2) — 2 
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Let US consider the following niorphisms: 

$s : (A("-''+1)" X A"-^+l xVs)r\{Ds= 0, As ^ 0} ^ ^(n-s+l)n ^ ^n-s+1 ^ ^i^s 

(A, 7,2;) t-^ {X,j,Yi{x),...,Yr,-s{x)) 

$s+i : (A("-'*)" X A"-" X T^+i) n {A+i = 0, ^+1 ^ 0} ^ A^"-'')" x A"-'* x A"-'*~i 

(A*, 7*, x) ^ (A*, 7*,>l(a;), . . . X-s-i{x)) 

From the claims above and Lemma lS^ we deduce that the Zariski closure of /m($s) 
is contained in a hypersurface of A'^"~''+^)" x A"'~''+'^ x A"~^ of degree at most 
2(n — s + 2)n{d — 1)6"^, and the Zariski closure of Im{^s+i) is contained in a 
hypersurface of A'"^'*)" x A"^** x A"^"^-^ of degree at most 2{n — s + l)n{d—l)6'^_^_i. 
Let us denote by B^ G FJA, F, Fi, . . . , ?„_,] and B^+i £ FJA, F, ?!,... , r„_,_i] the 
polynomials defining these hypersurfaces respectively. 

Let Ps,Ps+i G Ig[A, F, Yi, . . . ,l^_s] be the (nonzero) discriminants of the vari- 
eties Vs and Vs+i, as defined in eq. H3.2|l of the proof of Proposition 13.11 Recall 
that degps < {n — s + 2)(2(5^ — Sg) and degps+i < (n — s + l){2S^^i — Sg+i) holds. 

Claim. The locally closed set (a("-''+i)" x A"-''+i x K+i) n {p,.B, = 0, A^+i ^ 0} 
has dimension at most (n — s + l)(n + 2) — 3. 

Proof of Claim. Let us observe that, from the definition of the polynomial Ag, we 
deduce that the mapping ^^ above induces a finite morphism of varieties, which 
we shall denote also $s by a slight abuse of notation: 

$s : (A("-''+i)" X A"-^+i X Vs)n{As ^0}-^ ((A("-^+i)" x A"-"+i)n{A,. ^ 0}) x A"^" 

(A,7,a;) ^ {X,-f,Yi{x), . . . ,Yn-s{x)) 

Since (A("^''+^^" x A"^'*+^ x Vs)r\{Ds — O^A^ ^ 0} is an equidimensional subvariety 
of (Af^-'^+i)" X A"-"+i xVs)n{Asj^ 0} of dimension (n - s + 2) (n + 1) - 2, we see 
that ^s{{Ds = 0}) is a hypersurface of (A("-*+i)" x A"-"+i n {A^ ^ 0}) x A""", 
which is therefore definable by the polynomial Eg. This means that the identity 
<^si{Ds = 0,As^ 0}) = {Bs = 0, A, ^ 0} holds. 

From the cyhndrical structure of the variety a("~''+^^" x A"~''+^ x T^+i we 
conclude that no irreducible component of this variety is contained in {As = 0}. 
This implies that V D {As 7^ 0} is a dense open subset of V for any irreducible 
component V of A'^"^*+^^"xA"^'*+^ xVs+i- Suppose that there exists an irreducible 
component V of A("-''+i)" x A'^-'+i x Vs+i contained in <i>-^{{psBs = 0}). Then 

V n {As ^ 0} c <^;\{psBs - 0}) n {As ^ 0} = <p;\{psBs = o} n {As + o}), 

which implies 

$,(p n {As + 0}) c $s o ^-^{{psBs - 0} n {As ^ 0}) c {psBs = 0} n {As ^ o}. 

We conclude that $s(2?) C {psBg = 0} holds. Now we are going to show that 
the condition $s(2?) C {psBs — 0} leads to a contradiction. Indeed, we observe 
that there exists an irreducible component Vq of Vs+i for which V = a("^*+^'" x 
^n-s+i ^ 2?^ holds. Let x £ I?o be a nonsingular point of T^+ii which is also a 
nonsingular point of Vs. Hence, for a generic choice of a point (A, 7) G a^"~''+^-'" x 
A'^-^+i, the fiber VF^ := Kn{A*X+7* = A*a;+7*} is unramified (seee.g. [321 §5 A]) 
and the linear form A^"~'*+^-'X-|-7„_s+i separates the points of Wg. This shows that 
any point y E Vs f) {X*X + 7* = A*a; + 7*} satisfies the conditions Ds{X, 7, y) ^ 
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and ps{\,'^,y) ^ 0. We conclude that the point (A, 7, X*x + 7*) belongs to the set 
$s(P) \ {psBs = 0}, contradicting thus the condition $s(2?) C {psBs = 0}. This 
finishes the proof of our claim. 

From the claim and Lemma 13.21 we deduce that the image of the morphism 

(A,7,a;) ^ {X,-f,Yi{x),.--,Yn-s-i{x)) 

is contained in a hypersurface of a("^'*+^)" x A"^*+-'^ x A"^*'^^ of degree at most 
A{n — s + 2)'^ndS'^6g^i. Let Bg denote the defining equation of this hypersurface. 

Let i?s := AgAs+iPsPs+iBsBg+iBs- Observe that deg S^ < 4:{n—s+3)'^ndS^6'^^i 
holds. Let (A,7,P) £ A("-"+i)"xA"-"+ixA"-* be a point satisfying B^ (A, 7, P) ^ 
0. We claim that (A,7, P) satisfies conditions (i), (m) and {in) of the statement of 
Theorem 13. 31 Let (A* , 7*) denote the first n — s rows of (A, 7) and let P* denote the 
vector consisting of the first n — .s — l coordinates of P. Since As(A,7)As+i(A*,7*) 7^ 
holds, from Proposition 13 . II we conclude that the mappings tTs : Vg ^ A""'' and 
TTs+i : Vs+i -^ A"^**^^ defined by the linear forms Yi, . . . , Yn-s and Yi, . . . , Yn-s-i 
are finite morphisms. Since As{X,'y) ^ holds, the condition Ps(A,7,P) ^ 
implies that Ds{X,j,x) ^ holds for any x G 7rJ^(P). Therefore, we see that P 
is a lifting point of the morphism tt^ . A similar argument as above shows that P* 
is a lifting point of the morphism tTs+i- Finally, the conditions Ps{X, 7, P) ^ and 
/9s+i(A*, 7*, P*) 7^ show that Yn-s+i and Y^-s are primitive elements of 7r7^(P) 
and ttJ_^i{P*) respectively. On the other hand, the conditions i?s(A,7,P*) ^ 
and As+i(A*,7*) ^ imply that (psi?s)(A,7, P*, y„_s(a;)) ^ holds for any a; £ 
7r^_^j^(P*). Therefore, since As{X,^) ^ holds, we deduce that Z?s(A,7, Q) ^ and 
Ps{X,'^,7Ts{Q)) ^ hold for any point Q £ tt-\P* ,Y,,^s{x)) with x G tt~^^{P*). 
This shows condition [in) of the statement of Theorem 13. 31 D 

In order to find a rational point of our input variety V we are going to determine 
a suitable absolutely irreducible plane F^ -curve of the form V Ci L, where L is an 
Fq -definable affine linear subspace of A" of dimension r + 1. For this purpose, we 
are going to find an Fg -definable Noether normalization of V, represented by a 
(Fq -definable) finite linear projection tt : V ^ A""'', and a lifting point P G F"^'' 
of IT. Unfortunately, the existence of the morphism vr and the point P cannot be 
guaranteed unless the number of elements of ¥q is high enough. Our next result 
exhibits a genericity condition underlying the choice of n and P whose degree 
depends on 5r '■— deg Vr, rather than on S := maxi<s<j. 5^. 

Corollary 3.4. With notations as in Provosition \3. 1\ and Theorem, \y.'d\ there exists 
a nonzero polynomial B G Fq[A,r,li, . . . ,y„_r] of degree at most {n--r+2){2ndS^~ 
Sr) such that for any (A,7,P) G A("-''+i)" x A"-''+i x A"-'' with B{X,-f,P) ^ 
the following conditions are satisfied: 

Let Z :— (Z\, . . . , Z„_r+i) '■— AX + 7. Then the mapping tt : Vr —^ A"^'' defined 
by tt{x) := [Zi{x), . . . , Zn-r{x)) is a finite morphism, P G A"^*" is a lifting point 
of TT and Zn-r+i is a primitive element of Tr^^{P). 

Proof. Let B := ArPrBr, where Ar is the polynomial of the statement of Propo- 
sition 13.11 for s — r, Br is the polynomial of the proof of Theorem 13.31 with 
s = 7' — 1 and pr is the discriminant introduced in eq. H3.2|l of the proof of 
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ProDOsition l3.il Observe that degB < {n — r + 2){2ndS^ — Sr) holds. Now, if 
(A, 7, P) e A("-''+i)" X A"-''+i X A"-'' is any point for which B{X, J,P)^0 holds, 
a similar argument as in the last paragraph of the proof of Theorem 13.31 shows 
that the linear forms Z :— XX + 7 and the point P satisfy the conditions in the 
statement of the corollary. D 



Combining Theorem 12.21 and Corollary 13.41 we conclude that, if q > ( 



n — r 



2)(2ndS^ — 5r) holds, then there exists an Fg -definable Noether normalization of 
the variety V and a lifting point P G F"^^ of tt. 

3.3. A reduction to the bidimensional case. In this section we finish our con- 
siderations about the preparation of the input data by reducing our problem of 
computing a rational point of (the absolutely irreducible Fg -variety) V := Vr to 
that of computing a rational point of an absolutely irreducible plane Fg -curve. For 
this purpose, we have the first Bertini theorem (see e.g. 02, §11.6.1, Theorem 1]), 
which asserts that the intersection V CiL oi V with a generic afhne linear subspace 
L of A" of dimension r + 1 is an absolutely irreducible plane curve. If V fl L is 
an absolutely irreducible Fg-curve, then Weil's estimate (see e.g. |SH1j 0S) assures 
that we have "good probability" of finding a rational point in V (1 L. The main 
result of this section exhibits an estimate on the degree of the genericity condition 
underlying the choice of L. 

Assume that we are given a point (A,7, P) G a("^'"+-^^" x A"^''+^ x A''^*" 
for which P(A,7,P) ^ holds, where B is the polynomial of the statement 
of CoroUarv 13.41 Let {Zi, . . . , Zn-r+i) = AA + 7, let Yn-r+2, ■ ■ ■ ,Yn be lin- 
ear forms such that Zi, . . . , Zn-r+ii Yn-r+2, ■ ■ ■ ,Yn are Fg -linear independent, and 
let P ;= (pi, . . . ,p„_r)- Then the mapping -k : V ^ A"^'' defined by ti{x) := 
(Zi(a;), . . . , Zn-r{x)) is a finite morphism, and therefore the image W := Tr(F) of 
V under the mapping 7? : F — > A"~''+^ defined by t:{x) := {Zi{x), . . . , Zn-r+iix)) 
is a hypersurface of A"~''+^. The choice oi Zi, . . . ,Zn-r+i implies that this hy- 
persurface has degree Sr and is defined by a polynomial q^^^ G Fg[Zi, . . . , Zn-r+i] 
monic in Zn-r+i- 

Let V ■- {x e A" : {dq'^'-'> /dZn-r+i){Zi{x), . . . , Z„-r+iix)) = 0} and W := 
{z G A"-''+i : {dq^''''>/dZn-r+i){z) = 0}. Our following result shows that the 
variety V is birationally equivalent to the hypersurface W C A"~''+^. 



Lemma 3.5. 



T^ly-.y : V \V ^ W \W is an isomorphism of Zariski open sets. 



Proof. Let us observe that n(V\V)czW\ W. Then n\y^y : V \V ^ W \W is a 
well-defined morphism. 

We claim that n is an injective mapping. Indeed, specializing identity (|3.4|) 
of the proof of Proposition 13.11 into the values An-r+ij := A„_.r+i j (1 < j < 
n) and r„_r+i — In-r+i we deduce that there exist polynomials vi,...,v„ G 
Fg[Zi, . . . , Zn-r+i] such that for 1 < i < n the following identity holds: 

(3.7) v,{Zi, . . . , Zn-r+i) - A, • idq^^'^/dZ„^r+i){Zi, . . . , Z„_,+i) = mod /(]/) . 

Let x := {xi, . . . ,Xn),x' :— {x[, . . . ,a;^J G ^ \ V^ satisfy 7r(x) = tt{x'). We have 
Zi{x) — Zi{x') for l<i<n — r-|-l. Then from identity 1)3.7(1 we conclude that 
Xi — x[ for 1 < i < n, which shows our claim. 
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Now we show that 7r|y, ^ : V \V -^ W \ W is a surjective mappmg. Let 
go := dq^^'/dZn-r+i- Let be given an arbitrary element z :— {zi, . . . ,Zn-r+i) of 
W\W, and let 

X := {{vi/qo){z), ..., {vn/qo){z)). 

We claim that x belongs to V"\V". Indeed, let F be an arbitrary element of the ideal 
I{V) and let F := (90(^1, ■ ■ ■ , Z„_r+i))^F, where N := degi^. Then there exists 
G G FjTi, . . . , r„+i] such that F = G{qoXi, ..., qoX,,, go) holds. Since F £ I{V), 
for any z' ^ V we have F{z') = 0, and hence from identity 1)3. 7|l we conclude that 
G{vi, . . . ,Vn,qo){Zi{z'), . . . ,Zn-r+iiz')) = holds. This shows that g^''^ divides 
F := G{vi, . . . ,Vn,qo) in ]Fg[^i, • ■ ■ , ^n-r+i] and therefore F{z) — qo{z)^ F{x) = 
holds. Taking into account that qo{z) ^ we conclude that F{x) = holds, i.e. 

xeV\V. 

In order to finish the proof of the surjectivity of n there remains to prove that 
tt{x) = z holds. We observe that identity (|3.7|) shows that any z' gV satisfies 

n 
Z^{z')qQ(Zi{z'),. .. ,Zn^r+l{z')) ~^XtjVj(Zi{z'),.. . , Zn-r+l{z')) = 

for l<i<n — r + 1. Then q^^' divides the polynomial Ziqo — '^^^i^.jVj in 
Fg[Zi, . . . Zn-r+i], which implies z^ = I]"=i ^i,3i'"3/lo)iz) = I]"=i ^i,i ^j ^r 1 < 
i < n — r + 1. This proves that tt{x) — z holds. 

Finally we show that 7?|y\^> : V \V ^ W \W is a.n isomorphism. Let 

(p : W\W -^ V\V 

z 1-^ {{vi/qQ){z),...,{vn/qQ){z)). 

Our previous discussion shows that (/) is a well-defined morphism. Furthermore, our 
arguments above show that n o (f> is the identity mapping of M^ \ W. This finishes 
the proof of the lemma. D 

Let us remark that a similar result for the varieties Vi, . . . , Vr-i can be easily 
established following the proof of Lemma 13.51 mutatis mutandis. 

Now we prove the main result of this section: 

Theorem 3.6. Let notations and assumptions be as above. Suppose further that 
the variety V :— Vr is absolutely irreducible. Let 51 := (fii, . . . , il„_,.) and T be 
new indeterminates. Then there exists a nonzero polynomial C G ¥q[Q] of degree at 
most 2Sf with the following property: 

Let Lo := (wi, . . . , w„_r) G A"^^ satisfy C{lu) ^ 0, and let Li^ be the (r + 1)- 
dimensional affine linear variety parametrized by Zj = lojT + Pj (1 < J < ?^ — r), 
Zn-r+i = Zn-r+i, Yn-r+j = Yn-r+j (2 < j < r). Then V C\ L^ is an absolutely 
irreducible affine variety of dimension L 

Proof. Lemma [3.51 shows that V is birational to the hypersurface W C A"^'"+^. 
Since V is absolutely irreducible, we conclude that W is absolutely irreducible 
and therefore (/'''•' is an absolutely irreducible polynomial. Following [201, let q G 
F,[r2,T][Z„_r+i] be the polynomial g := q^'^^{VtiT+pi, . . . ,Vtn-rT +Pn-r, Zn-r+i) ■ 
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Since g*^''-' is a monic element of Fg[Zi, . . . , Z„_,.][Z„_j.+i], we easily conclude 
that g is a monic element of Fg[^2,T][Z„_r+l]• 
We claim that q{n, 0, Z„_r+i) is a separable element of Fg[ri][Z„_r+i]- Indeed, we 
have that q{fl, 0, Zn-r+i) — q {P, ^n-r+i) holds. Then the proof of Proposition 
13.11 shows that the choice of P implies that the discriminant of the polynomial 
q'-^^PjZn-r+i) does not vanish. This means that q{n,0, Zn^r+i) is a separable 
element of F, [17] [Zn-r+i] ■ 

Therefore, applying PUI Theorem 5] we conclude that there exist a polynomial 
C G ¥g[n] of degree bounded by ^Sf - 25^ + \Sl < 26j such that for any oj E A"-'' 
with C{uj) ^ 0, the polynomial q{uj, T, Zn-r+i) is absolutely irreducible. From this 
we immediately deduce the statement of the theorem. D 



4. The computation of a geometric solution of V 

Let notations and assumptions be as in Section|21 In this section we shall exhibit 
an algorithm which computes a geometric solution of a (K-definable) lifting fiber 
Vp(r-) of the input variety V. 

In order to describe this algorithm, we need a simultaneous Noether normaliza- 
tion of the varieties Vi, . . . ,Vr and lifting points p(^+i) 6 A"~*~^ for < s < r — 1 
such that the corresponding lifting fiber Vp{s+i) has the following property: for 
any point P G Vp(s+i), the morphism tTs is unramified at 7rs(P). For this pur- 
pose, let A :— (Aij)i<ij<„ be a matrix of indeterminates and let F := (Fi, . . . , F„) 
be a vector of indeterminates. Let X :— {Xi, . . . , Xn) and let Y := AX + F. Let 
Bs G Fg [A, F, y] be the polynomial of the statement of Theorem l3.3l for 1 < s < r — 1 
and let B := dct(A) JJlZl Bs- Observe that degB < An'^dS^ holds. 

Let K be a finite field extension of Fg of cardinality greater than GOn'^dS'^ and 
let (A,7,P) be a point randomly chosen in the set K" x K" x K"~'^. Theorem 12.21 
shows that B{X,'y,P) does not vanish with probability at least 14/15. From now 
on, we shall assume that we have chosen {X,j,P) G K" x K" x K"^"" satisfying 
P(A,7,P)^0. Let (ri,...,y„) := XX + J and P -.^ (pi, . . . ,pn.r). 

From Theorem 13.31 we conclude that Yi, . . . ,Yn induce a simultaneous Noether 
normalization of the varieties Vi, . . . ,Vr and the point P'-'^+i) := (pi^ . . . ,p„„s„i) 
satisfies the condition above for < s < r — 1. Let us observe that the fact that the 
linear forms Yi, . . . ,Yn belong to K[Xi, . . . , A"„] and P belongs to K"^'' immediately 
implies that the lifting fiber Vp(s) is a K- variety for 1 < s < r. 

The algorithm computing a geometric solution of Vp(r) is a recursive procedure 
which proceeds in r — 1 steps. In the s-th step we compute a geometric solution of 
the lifting fiber Vp(s+i) from a geometric solution of the lifting fiber Vp(s). Recall 
that VpM := 7r7i(p(^)) = V^ D {Yi = pi, . . . ,Yn-s = Pn^s}- For this purpose, 
we first "lift" the geometric solution of the fiber Vp(s) to a geometric solution 
of the affine equidimensional unidimensional K-variety Wp(s+i) := Vg Cl {Yi ~ 
Pi, . . . ,Yn-s-i — Pn-s-i} (see Section lOl below'). The variety Wp{!,+i) is called 
a lifting curve. Then, from this geometric solution we obtain a geometric solution 
of the lifting fiber Vp(a+i) = Wp(s+i) fl V{Fs+i). This is done by computing the 
minimal equation satisfied by Yn~s+i in Vpis+i) (see Section l4.2|l . from which we 
obtain a geometric solution of Vp(s+i) by a suitable effective version of the Shape 
Lemma (see Section ^^J- 
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4.1. Prom the lifting fiber Vpis) to the lifting curve Wp(s+i). In this section 
we describe the procedure which computes a geometric solution of the hfting curve 
Wp{s+i) , from a geometric solution of the lifting fiber Vp(s) . 

Let TTs : Vs ^ A"~* and tTs : Vg ^ ^n-s+i ^g ^j-^g linear projection mappings 
determined by the linear forms Yi, . . . , Y„^s and Yi, . . . , l^^^+i respectively. From 
Theorem l3.3l we know that tt^ is a finite morphism and Y^-s+i is a primitive element 
of the integral ring extension Rg :— Fg[Yi, . . . ,y„_s] ^^ Ig[^s]- Furthermore, the 
minimal polynomial q'-''' G ¥q[Yi, . . . , Yn^g+i] of Yn-s+i has degree Ss and equals, 
up to a nonzero element of Fg, the defining polynomial of the hypersurface Trs{Vs). 
Since 7Ts{Vs) is a K-hypersurface, we may assume without loss of generality that q^'^' 
belongs to K[Yi, . . . , y„_s+i]- This assumption, together with the proof of Lemma 
13.51 shows that there exists a geometric solution of Vg consisting of polynomials 
q^"^ , vi'L+2 , . . . , «i'^ of K [Fi , . . . , y„_,+i] . 

We observe that our choice of P^**^ implies that the discriminant of q^^^ with 
respect to Yn-s+i does not vanish in P^^\ Therefore, the above geometric solution 
of Vs is compatible with P^*) in the sense of Section [T^ and hence the polynomials 
q^''\P^''\Yn-s+i),vl^_^^j{P^''\Yn-s+i) (2 < j < s) form a geometric solution of 
Vp(B) with Yn^s+i as primitive element. We shall assume that we are given such a 
geometric solution of Vp(s-) . 

Let us observe that Wp(B+i) can be described as the set of common zeros of 
Yi - pi, . . . , Yn-s~i - _p,i-s-i. Pi, . . . , Ps or, equivalently, of Yi - pi, . . . , Yn-s-i - 
p„_,_i,Pi(P(^+i), Y„_„ . . . , Y„), . . . ,P,(P(^+1), Y„_„ . . . , Y„). In particular we see 
that Wp(s+i) is a K-variety. In order to find a geometric solution of Wp(,,+i) we are 
going to apply the global Newton-Hensel procedure of 23 . For this purpose, we 
need the following result. 

Lemma 4.1. Pi(P(«+i), Y„_,, . . . ,Y„), . . . ,Fs{P^'+^\ Y„_,, . . . ,Y„) generate a radi- 
cal ideal of K[Y„_s, . . . , Y„] and form a regular sequence of K[Yn-s, • ■ • , Y„], and 
Wp{s+i) has degree 6s. 

Proof We first show that Pi(p("+i), Y„_, . . . Y„), . . . , F^iP'^^'+^^Yn-s, • ■ ■ , Y„) form 
a regular sequence. Let Ls+i C A" be the affine linear variety Ls+i := {Yi = 
Pi, . . . , Y„_s_(_i = Pn-s+i}- Observe that, for 1 < i < s, the discriminant p*-*-' of 
the polynomial g^*^ with respect to Y„_i+i does not vanish in P^*^ :— {pi, . . . ,Pn-i)- 
This implies that ^(^'(P^*"''^', Y„_s, ■ ■ • ,Y„_i_|_i) is a separable polynomial of 
K[Y„_„...,Y„_,+i] for 1 < 1 < s. Hence, V^ n P^+i n {9gW/9Y„_,+i 7^ 0} is 
a nonempty Zariski-dense open set of Vi D Ls+i- Following Lemma [3.51 let Vi :— 
{x e A" : {dq^''>/dYn^,+,)ix) ^ 0}, m := ^V,) and W^ := n,{V,) for^< i < s. 
We have 7r,((y, \ V,) n P^+i) = {Wi \ Wi) n L^+i- Therefore, sincejW^i \ VF,)_n P^+i 
has dimension s + 1 — i, and taking into account that 7ri|y..i y. : Vi\Vi -^ Wi\Wi is an 

isomorphism of locally closed sets, we conclude that {Vi \ Vi) fl P^+i has dimension 
s + 1 — i, which implies that Vi D P^+i has dimension s + 1 — i for 1 < i < s. This 
proves that Pi (p(«+i) , Y„_„ . . . , Y„), . . . , P, (p(*+i) , Y„_„ . . . , Y„) form a regular 
sequence of K[Y„_3, . . . , Y„]. 

Now we prove that deg Wpis+i) = 5^ holds. Observe that our previous argumen- 
tation shows that Wp{s+i) = Vs CiLs+i is an equidimensional variety of dimension 1 
which, by the Bezout inequality H2.1fl . satisfies the degree estimate deg Wp(s+i) < Ss- 
On the other hand, since TTg is a finite morphism we conclude that the restriction 
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mapping 7Ts\w f ,y, '■ Wp(s+i) —>■ Lg+i is also a finite niorphism. Furthermore, our 
choice of P(") implies that i^{TTs\w^^,^^)~HP^''') ^^t^sHP^''') = 6s holds. Then 

Ss = #7r;i(p(^)) = #(W^p,.+i, n {Yn-s=Pn-s}) < degM^p(.+i) < (5„ 

which proves our second assertion. 

There remains to prove that Fi(p(^+i), r„_„ . . . ,r„), . . . ,F,{P^'+^\ r„_„ . . . ,Yn) 
generate a radical ideal of K[y„_s, . . . , F„]. Let Tr*^^ : Wp(s+i) -^ A''+^ be the pro- 
jection defined by Yn-s, ■ ■ ■ ,Yn. Observe that Wp(s+i) := T^l+iiWpis+i) ) is the sub- 
variety of A«+i defined by Pi(P(^+i), r„_3, . . . , y„), . . . , F,(P(«+i),y„_„ . . . , y„) 
and is isomorphic to Wp(!,+i). Since Wp^^^i^ fl {Yn-s = Pn-s} = i's+i(^p(=)) holds, 
from Lemma |2. II we conclude that the Jacobian determinant 

jp(p(^+i),r„_„ . . . ,r„) := det (ap,(p(^+i),y„_,+i, . . . ,r„)/ar„_,+,)^^^^^.^^ 

does not vanish in any point P G Wpf^^i-^ fl {^,1-^ = Pn-s}- Furthermore, the 
identity ^[Wpf^+i-, n {F„_s = Pn-s}) = Ss — degWpj^+i) shows that the affine 
linear variety [Yn-s — Pn-s} meets every irreducible component of Wp^^^^y This 
proves that the coordinate function of Wp{s+i) defined by Jp{P'^^^^\Yn-s, ■ ■ ■ , Yn) 
is not a zero divisor of Fg[Wp(s+i)]. Hence, from |14[ Theorem 18.15] we conclude 
that the ideal generated by Pi(P(^+i),y„_„ . . . ,F„), . . . ,P,(P(^+i), r„_„ . . . ,r„) 
is radical. D 

Using the notations of the proof of Lemma ETl let tt*^i : Wp(s+i) -^ A''^^ be the 
projection mapping defined by Yn-s, . . . , K„, and let VFp(^,+i) := 7r*_,_;^(Wp(a+i) ) and 
^P(s) '■— 7rJ+i(Vp(s)). Then the projection tTs+i : Wp^,^^ -^ A^ induced by Yn-s is 
a finite morphism of degree Ss, whose fiber Tf~^i{pn-s) = ^p(s) is unramified. Fur- 
thermore, the polynomials q^'\P'-'\Yn-s+i),v^n-s+jiP'^"\Yn-s+i) (2 < J < s), 
introduced before the statement of Lemma |4. II form a geometric solution of Vp^^y . 
Under these conditions, applying the Global Newton algorithm of |23l II. 4] we con- 
clude that there exists a computation tree /? in K which computes a geometric 
solution of W^p(s+i) , which is also a geometric solution of Wp(s+i) . Let us observe 
that the fact that the input geometric solution of Vp^^y consists of univariate poly- 
nomials with coefficients in K implies that the output geometric solution of Wp{s+i) 
also consists of polynomials with coefficients in K. 

The evaluation of the computation tree /3 requires 0(^{nT+n^)U{6s)^) arithmetic 
operations in K, using at most 0(^{S + n)S'^) arithmetic registers. Here S and T 
denote the space and time of the input straight-line program representing the 
polynomials Pi, . . . , P^ and lA{m) denotes the quantity lA{m) :— to log ?n log log to, 
for any m G N. Let us remark that the asymptotic estimate 0{U{m)) represents the 
bit-complexity of certain basic operations (such as addition, multiplication, division 
and gcd) with integers of bit-size to, and the number of arithmetic operations in 
a given domain R necessary to compute the multiplication, division, resultant, gcd 
and interpolation of univariate polynomials of R[T] of degree at most m (cf. |55j . 
U)- In particular, an arithmetic operation in a finite field K of cardinality #K can 
be (deterministically) performed with 0(W(log#K)) bit operations, using space 
0(log#K). Our assumptions on K imply log#K < 0{\og{qS)). 

From the above considerations we easily deduce the following result: 
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Proposition 4.2. There exists a (deterministic) Turing machine M which has as 
input 

• a straight-line program using space S and time T which represents the 
polynomials Fi, . . . ,Fs, 

• the dense representation of elements of K[y„_3_|_i] which form a geometric 
solution of Vpis) , 

and outputs the dense representation of polynomials of K\Yn-s,Yn-s+i\ which form 
a geometric solution of Wp(s+i). The Turing machine M runs in space OiJ^S + 
n)5l\og{q5)) and time 0{{nT + n^)U{5sfU{\og{q5))). 

4.2. Computing a hypersurface birational to Vp(s+i). The purpose of this 
section is to exhibit an algorithm which computes the minimal equation satisfied 
by the coordinate function induced by a linear form C\ :— Yn^a + Ay„_s-|-i in 
Fg[Vp(s+i)], for a suitable choice of A G K. 

With the notations of the previous section, let 7r*_|^]^ : Wp(s+i) -^ K^^^ be the 
projection defined by Yn-s, ■ • ■ ,^n, let W^p(,+i) := 7r|+i(W^p(=+i)) and let V*^,+r) := 
T:*gj^i{Vp(s+i)). For a given A G K, let Cx G K[i^_s, K„_s+i] denote the hnear form 
C\ :~ Yn-s + Ay„_s+i, and let 7fs+i,A '■ VFp(s+i) -^ A^ be the projection morphism 
defined by 7rs+i^A(a;) := C\{x). Our next result yields a sufficient (and consistent) 
condition on A, which assures that replacing the variable Yn-s by Cx does not 
change the situation obtained after the preprocessing of Section [3. 21 namely t:s+i,x 
is a finite morphism and any element of the set T^s+LxiVpis+i)) is an unramified 
point of TTs+i^A- 

Lemma 4.3. Let A he an indeterminate. There exists a nonzero polynomial Eg G 
Fg[A] of degree at most 4(5'^, with the following property: 

Let A G A^ he any point with Es{X) ^ 0. and let Cx := Yn-s + AKn-s+i- Then the 
following conditions are satisfied: 

[i) The projection mapping tt^+i.a : l^p(s+i) ^ A"'^ determined by Cx is a finite 

morphism. 
(ii) Cx separates the points of the lifting fiher Vp^^^^., . 
{Hi) Every element of TTs+i^xiVpis+i)) is a lifting point ofiTs+i.x- 

Proof. By the choice of the linear forms Fi, . . . , y„ and the point p(*+i) we have 
that Yn-s+i induces a primitive element of the integral ring extension Fq[y„_s] ^-> 
Fg[Vl^p(s+i)], whose minimal polynomial is q'''^\P^^^^\Yn~s^Yn-s+i). Furthermore, 
Fg[Wp(s+i)] is a free Fg[l^_s]-module of rank Sg- 

First we determine a genericity condition which assures that condition (i) of the 
statement of Lemma l4.3l is satisfied. Let A be a new indeterminate, let Cx '■= i^n-s + 
Ay„_s_|-i, and let q^^' be the following element of K[A, Yi, . . . , y„_3„i, £a, y„_s+i]: 



gi^' ■.^q^'\Yi,...,Yn-s-i,CK^KYn-s+i,Yn- 



s+l) 



Since q^^' has (total) degree 5s and the expression £a ~ ^Yn-s+i is linear in the 
variables £a and Yn-s+l^ we conclude that deg^^ y^_^^j^ q^ < Ss holds. On the 

( s) 

other hand it is clear that q)^ has degree at most Ss in A. Therefore, we may 
express q^ {P'^'^^^\ A, Ca,Y„-s+i) in the following way: 

gi^'(p(^+i),A,£A,y„_,+i)=a,,(A)y,fl,+i+a5,-i(A,Z:A)y„^l,+i + ..- + ao(A,/:A), 



20 A. CAFURE^ AND G. MATERA^-^ 

where a^^ , . . ., oq G K[A,£a] have degree at most Sg- Since q^ {P'-'^'^^\ 0, Yn^s, Xi~s+i) 
^ qi^){p(^+^\Yn-s,Yn^s+i) holds and (?(^)(p(^+i), y„_„ y„_,+i) is a monic el- 
ement of K[y„_s][F„_s+i] of degree Ss in Yn-s+i, we conclude that the leading 
coefficient as^ is a nonzero element of K[A] (of degree at most Ss). We shall prove 
below that for any A with aSsW ¥" condition (i) holds. 

Now we consider condition (m) of the statement of Lemma f4. 31 Let Vp^^+i-, := 
{Qi, . . . , Qs^^i}, and let us consider the following polynomial: 

S,4(A)= Y[ {CAiQj)-CAiQk))- 

l<j<k<Ss + l 

OhseiVCthSitCA{Qj)-CAiQk)^Yn-s{Qj)-Yn-siQk)+A{Yn-s+l{Qj)-Yn-s+l{Qk)) 

holds for 1 < j < k < Sg+i- Therefore, since Yn-s separates the points of the lifting 
fiber Vf^(,^_i) , we conclude that Es_i is a nonzero element of Vq[A] of degree at most 
S'i+i- We shall show below that for any A with Es^i{X) ^ condition (m) holds. 

Finally, we analyze condition (in) of the statement of Lemma |4. 31 Let tTs+i^a '■ 
A^ X Vp(s+i) -^ A^ be the mapping defined by 7rs+i,A(A,a;) := [X,£x{x)). Observe 
that the image of tTs+i^a is a K-hypersurface of A^ of degree Sg+i, which is defined 
by the polynomial q'}^^'\p^'+^\ A, Ca) := ni<,<5.^,(^A " ^a(Q,)) e K[A,/:a]. 
We claim that q'}^^^\P^'+^\ A, Ca) and the discriminant p^l\p^''+'^\ A, Ca) e 

K[A,£a] of the polynomial q^' {P^'^~^^\ A, CA,Yn-s+i) introduced above have no 
nontrivial common factors in K(A)[£a]- Arguing by contradiction, suppose that 
there exists a nontrivial common factor h e K(A)[£a] of g^ (P^^^^', A, £a) and 

P^j^\p('+^\A,£a)- Since q')^;^^\P'<''+^\ A, Ca) is a monic element of K[A][/:a], we 
deduce that there exists a common factor h S K[A,£a] \ K[A] not divisible by A. 
Taking into account that g^''+^^(P("+i), 0, r„_,) = g("+i)(P(''+i), r„_s) holds and 
p'-l\pis+i\ o,r„_,) is the discriminant p(^)(p(^+i), Y,,^s) of g(^)(p(^+i), r„_„ r„_,+i) 
with respect to Yn-s+i, we conclude that h(0, Yn-s) is a nontrivial common factor of 
pi^){p(^+^),Yn-s) and g(''+i)(p(''+i),y„_s). Let a G F, be a root of h{0,Yn-s) and 
let Qhe a point of Vp(s+i) for which a = Yn-siQ) holds. Then (pi, . . . ,pn-s-i, ot) — 
-KsiQ), and q^'^'>{'Ks{Q),Yn-s+i) has less than Ss roots. We conclude that either 
TTsiQ) is not a lifting point of tTs or Yn-s+i is not a primitive element of 7rJ^(7rs((5)), 
contradicting thus condition (iii) of Theorem 13. 31 This proves our claim. 

From our claim we see that the resultant £^3.2 G K[A] of q^jf '^(P*^*+^\ A, £a) 
and /9JY (P'^'^^-', A,£a) with respect to the variable £a is a nonzero element of 
Fg[A] of degree at most 2(2i5s — l)(5s(5s+i. The nonvanishing of £^s,2 is the genericity 
condition which implies condition {Hi), as will be shown below. 

Let Es := as^Es,iEs,2 G %[A]. Observe that deg£^s < AS^ holds. Let A G A^ 
satisfy Es{X) ^ and let L\ :— Yn-s + Ay„-s+i. We claim that conditions (i), (ii) 
and (in) of the statement of Lemma [4.31 hold. 

Let i\, yn-s and yn-s+i denote the coordinate functions of Fg[VKp(s+i)] in- 
duced by C\ := Yn-s + XYn-s+i, Yn-s and Yn-s+i respectively. We have £\ = 
yn-s + Xyn-s+i- From the identity q'-''\P^''+'^\yn-s,yn-s+i) = we deduce that 
q(^)^pis+i)^X, ix,yn-s+i) = holds. Let qi'^ := ^i^^ (A, Fi, . . . , Y^s-uCx, Yns+i). 
Since as^{X) ^ holds, we see that q\^ {P'^'^^^\ Cx,Yn-s+i) is a monic (up to 
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a nonzero element of Fg) element of Fg[£A][^n-s+i], which represents an integral 
dependence equation over Fg[>C>^] for the coordinate function yn-s+i- Assuming 
without loss of generality that X ^ holds, we see that t^s+i,\ '■ W^p(s+i) -^ ^^ is 
a dominant mapping, for otherwise 7rs_|_i : W*i_^j^-^^ — > A^ would not be dominant. 
Therefore, we conclude that Fq[£A] ^^ ^q[ix,yn-s+i] is an integral ring extension, 
which, combined with the fact that Fq[^A, j/„_s+i] -^ Fq[VFp(^^i)] is an integral ring 
extension, implies that Fg[£A] '-^ Fg[VFp(^^i,] is an integral extension. This proves 
that TTs+i > is a finite morphism and shows that condition (i) holds. 

Next, taking into account that Es^i{X) = Y[i<i<j<Ss+i i^^iQi) ~ ^>^iQj)) ¥" 
holds, we conclude that £\ separates the points of the fiber V*f^^^. This shows 
that condition (ii) holds. 

Finally, let Q be an arbitrary point of V*(^_^iy Since Es^2{X) ^ holds, we have 

that the discriminant p{' {P^'+'^\ Cx) of the polynomial q^.^\P^'+^\ Cx,Yn^s+i) 
with respect to y„_s+i does not vanish in Cx{Q). This implies that the polynomial 
q\^ {P^'^'^^\ Cx{Q),Yn-s+i) has Ss distinct roots in F^, which proves that the fiber 
^7+1 x(^^iQ)) ^^^ '^« distinct points, i.e. is unramified. This shows that condition 
(Hi) holds and finishes the proof of the lemma. D 

Since the cardinality of the field K is greater than GOn'^dS'^, from Theorem 12.21 
we see that, for a randomly chosen value A G K, the condition Es{X) ^ holds with 
probability at least 1 — l/60n"'. Assume that we are given such a value A G K and 
let Lx '■— yn-s + Ay„_s+i. We are going to exhibit an algorithm that computes 
the minimal equation of the coordinate function of yp(s+i) induced by Lx- 

Let (a(7i'V5K-s+i)-'(P(^+'\/:A,>;-«+i) be the monic element of Y.{LxWn-s+x\ 
of degree at most (5^ — 1 that is the inverse of (dq'-^ j dYn-s+\){P^-^^^^ ■, L\-,Yn-s+\) mod- 
ulo gi'^(p(^+i),/:A,r„_,+i), and let w'^^\^(P^'^^\ Hx.Yn-s+i) £ Y.{LxWn-s+i\ be 
the remainder of the product v';^l^^{P^'^^\ /:A-Ar„_,+i, K„_,+i)(a<zi'V5>;.-s+i)"' 
(P(^+i),/:a,1;-s+i) modulo gi'^(P(^+i),£A,X.-.+i) for 2 < j < s. Finally, let 

/,+i :=F,+i(p(^+i), Lxyn-s^.i.w'-t,^^{P^'^'-\ CxX-s+l). ■■■, u^i^^ {P^'+'\ CxXn-s+l)) , 

(4.1) gs+i :=Resy„_^,(g(^)(p(^+i),£A,y„-,+i),/.+i 

where I{,esY„_^_^i{f, g) denotes the resultant of / and g with respect to K„_s_|_i. 

Let us observe that /s+i G K{£x)[Yn-s+i] has degree at most d6s (in F„_s+i), 
and the denominators of its coefficients are divisors of a polynomial of K[i2A] of 
degree bounded by {26s — l)<5s- On the other hand, from 23, Corollary 2] it follows 
that gs+i is an element of K[i2A] of degree bounded by dSg- Our next result shows 
that the minimal equation of Cx in K[Vp(s+i)] can be efficiently computed. 

Proposition 4.4. There exists a probabilistic Turing machine M which has as 
input 

• a straight-line program using space S and time T which represents the 
polynomial Ps+i, 

• the dense representation of elements of K[Yn-s,Yn-s+i] which form a geo- 
metric solution ofWp{B+i), as computed in Proposition^^ 
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• a value A e K satisfying the conditions of Leninia \4.3[ 

and outputs the dense representation of the minimal polynomial q^ {P^''^^' , C\) 
G K[£a] of the coordinate function ofVp(s+i) induced by C\. The Turing machine 
M runs m space 0{{S + d)S^Jog{qS)) and time 0{{T + n)U{dSs)U{Ss)U{\og{qS))) 
and outputs the right result with probability at least 1 -- 1/A5n^. 

Proof. Let A € K satisfy the conditions of Lemma [4. 31 Then ^7\ Lemma 8] shows 
that the following identity holds: 

„(s+l)/p(s+l) r\ _ 9s+l 

gcd(gs+i,.g!,+i) 

Therefore, the computation of q^ •'(^p(«+i)^ £^) can be efficiently reduced to that 
of the polynomial 5^+1 of (|4.1|l . The latter may be defined as the resultant with 
respect to the variable Yn-s+i of two elements of K{Yn-s)[Yn- s+i] of degrees 
bounded by Ss and Sg — 1, namely g^*-'(P'^*+^\ l^_s, y„_s+i) and the remainder 
of /,+i modulo g(^)(F("+i),r„_^,r„_^+i). Following [SSI Corollary 11.16], such 
resultant can be computed using the Extended Euclidean Algorithm (EEA for 
short) in K{C\)[Yn-s+i], which requires 0(jJ{6s)) arithmetic operations in K(£a) 
storing at most 0{6s) elements of K{Cx). Furthermore, the computation of fs+i 
requires the (modular) inversion of {dq\^' /dYn-s+i)~^{P'''^'^^'' , Cx,Yn-^s+i), which 
can also be computed applying the EEA in K(£A)[^n-s+i] to the polynomials 
q[^\pis+i)^Cx,Yn.,+i) and {dqi'^ /dYn^,+,)iP<--+'\, Cx.Y^s+i)- 

In order to compute the dense representation of the polynomial gs+i, we shall 
perform the EEA over a ring of power series K|£a — o;] for some "lucky" point 
a e K. Therefore, we have to determine a value a £ K such that all the elements of 
K[£a] which are inverted during the execution of the EEA are invertible elements of 
the ring K|£a ~ ctj. Further, in order to make our algorithm "effective", during its 
execution we shall compute suitable approximations in K[/^a] of the intermediate 
results of our computations, which are obtained by truncating the power series 
of K|£a — Oij that constitute these intermediate results. Therefore, we have to 
determine the degree of precision of the truncated power series required to output 
the right results. 

In order to determine the value a € K, we observe that, similarly to the proof of 
|55[ Theorem 6.52], one deduces that all the denominators of the elements of K(>Ca) 
arising during the application of the EEA to qx {P'^'^^^\ Cx, Yn-s+i) and fs+i are 
divisors of at most (5s + 1 polynomials of K[y„_s] of degree bounded by {dSg + 
6s){26s — l)(5s. On the other hand, the denominators arising during the application 

of the EEA to qi'\P<^^+'\Cx,Yn-s+i) and (dqi'^ /dYn^s+i){P^'+'\Cx,Y^-s+i) 
are divisors of at most Jg + 1 polynomials of K[y„_s] of degree at most {26s — l)<5s- 
Hence the product of all the denominators arising during the two applications of the 
EEA has degree at most {d6s+Ss + l){2Ss-l)Ss{Ss + l) < MS^. Since #K > GOn^dS'^ 
holds, from Theorem 12. 21 we conclude that there exists a £ K that does not vanish 
any denominator arising as an intermediate results of the EEA. Furthermore, the 
probability of finding such a by a random choice in K is at least 1 — l/45n'^. 

On the other hand, since the output of our algorithm is a polynomial of degree 
at most dSs, computing all the power series which arise as intermediate results up 
to order dSs + 1 allows us to output the right result. 
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Our algorithm computing 5s+i inverts {dq\^ /dYn-s+i){P'''^^^\ ^x,Yn-s+i) mod- 
ulo qi'\p('+^\Cx,Y„^s+i), computes wi'l^^^{P'^'+^\ Cx,Yn-s+i) for 2 < j < s, 
then computes fs+i modulo q^^' {P^''^^'> , Cx,Yn-s+i), and finally computes gs+i- 
All these steps require O (^{T + n)U {6 s)) arithmetic operations in K{C\), storing at 
most 0{S5s) elements of K{C\). Each of these arithmetic operations is performed 
in the power series ring K|£a — a] at precision dSg + 1, and then requires 0(U{dSs)) 
arithmetic operations in K, storing at most 0{dSs) elements of K. Therefore, we 
conclude that the whole algorithm computing .g^+i requires 0{{T + n)V({d6s)U{5s)) 
arithmetic operations in K, storing at most 0[{S + d)S^) elements of K. 

Finally, the computation of q]^ {P'^'^^^\ Cx) = 5s+i/gcd(.gs+i, 5s+i) requires 
0(U{d6s)) operations in K, storing at most 0{d6s) elements of K. This finishes the 
proof of the proposition. D 

The algorithm underlying Proposition l4.4l is essentially an extension to the finite 
field context of [23 Algorithm II. 7]. Wc have contributed further to the latter 
by quantifying the probability of success of our algorithm. Let us also remark 
that the complexity estimate of Proposition 14.41 significantly improves that of |27l 
Proposition 1]. 

4.3. Computing a geometric solution of Vp{s+i). In this section we exhibit an 
algorithm which computes a parametrization of the variables y„_s-|_i , . . . , y„ by the 
zeros of q^''~^^\P^^'^^\Yn-s), completing thus the s-th recursive step of our main 
procedure computing a geometric solution of the input variety V. 

First we discuss how we obtain the parametrization of Yn-s+i by the zeros of 
g(s+i)(p(s+i) y^j ,,) Recall that such parametrization is given by a polynomial 

(9g(^+i)/9r„_,)(p(-+i),r„_,)F„_,+i -«i^+/|i(p(-+i),r„_,) e K[r„_„r„_,,+i], 

with w„_^^^(p(*+^\ F„_s) of degree at most Sg+i — 1. 

Let Ai, A2 e K \ {0} satisfy the conditions of Lemma 1131 and let £\. := Yns + 
\iYn-s+i for i = 1,2. Observe that the value A = also satisfies the conditions of 
Lemma k.HI By Proposition l4.4l we may assume that we have already computed the 
minimal equations 9^"+^^ {pi^+^) , £;, J, g^^+i) (p(«+i) , C^^ ) and q^'+^^ (p(«+i) , y„_,) 

satisfied by £ai , £x2 and Yn-s in Fq[Vp(3+i)]. Interpreting these polynomials as 
elements of K[y„_s, y„_s+i], assume further that £^2 separates the common zeros of 
q(s+i)(p(''+i) y^^_^) and q)^ ^(P^^^^^ £ai)- Arguing as above, we easily conclude 
that there exists a nonzero polynomial Eg G IFg[A] of degree at most 5'^ such that, 
for any A2 with Es{X2) ^ 0, the linear form £^2 satisfies our last assumption. 

In our subsequent argumentations we shall consider the following (zero-dimen- 
sional) K- variety: 

Ws+i:^{{xi,X2)eA^:q^'+'HP^'+'\x,)= 0,q'^^^^\P^'+'\x,+Kx2)^ for 1 = 1,2}. 

Let TT* : Vp{B+i) -^ A^ the projection mapping induced by Yn-s,Yn~s+i- Observe 
that 7r*(l/p(s+i)) C Ws+i holds. Furthermore, since £a2 separates the common zeros 
of g(«+i)(p(''+i),y„_,) and g;[f+^^(p(''+i),/:Ai), and q\^^^^\p'-''+'^\ Cx,) vanishes in 

the set Cx,-;{Tf*{Vp{B+i))) (of cardinality Sg+i) and has degree Ss+i, we conclude 
that Ws+i = 7r*(Vp(»+i)) holds. 
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Our intention is to reduce the computation of w„_s_fi(-P^'*^^\ i^n-s) to god com- 
putations over suitable field extensions of K. From our previous argumentation 
and the fact that Yn-s separates the points of Vp^s+i), it follows that Yn-s also 
separates the points of Wg+i- Then, applying the classical Shape Lemma to this 
(zero-dimensional) K-variety (see e.g. |12|V we see that there exists a polynomial 
Wn-s+i G K[y,j_s] of degree at most S^+i - 1 such that Yn-s+i - Wn-s+iiYn-s) 
vanishes on the variety Ws+i- 

Let a e Fq be an arbitrary root of q('*+i)(p('^+i), Yn-s) and let /3 := Wn~s+i{ct)- 
Then the fact that Fn-s separates the points of Ws+i shows that P :— {a, (3) is the 
only point of Wg+i for which Yn-s{P) — a holds. Hence, Yn-s+i — /3 is the only 
common root of q'}^+^\p<''+^\a + XiY^^s+i) and g^"+'^(P(^+i), a + AaFn-.+i). 

Furthermore, the assumption on A2 implies that q^ {P'^'^^^\a + \2Yn-s+i) is 
squarefree. Therefore, we conclude that the following identity holds in K(a)[l^_s_|_i]: 

(4.2) gcd(<z(f+''(p(^+i),a+Aii;,_,+i),g(f+^^(p(^+i),a + A2X.-.+i)) = i;^-.+i-/3. 

Let q('*+i)(p(''+i), Yn-s) = 91 • • ■ 9;;, be the irreducible factorization of the poly- 
nomial q''^^^'' {P''''^^\Yn-s) in K[y„„s]- Observe that every irreducible factor qj 
represents an K-irreducible component Cj of W^+i. Let aj e ¥q be an arbitrary 
root of qj. Taking into account the field isomorphism K(q;j) ~ K[Yn^s]/\qj{Yn-s)), 
from identity (|4.2|) we conclude that there exists Vj e K[l^_s] of degree at most 
deggj — 1 such that the following identity holds in (K[Yn-s]/{qj{Yn-s))) [Yn-s+i]'- 

(4.3) 

gcd((zi^+'^(p(^+l), i;_,+AiX^-s+l), qc^'\P^"^^\ Yn^s + X2Yn-s+l)) = Yn-s+l-V,{X-,-s)- 

Let us fix j G {1, . . . , h}. From the Bczout identity we deduce that the congruence 
relation Yn-s+i —Vj{Yn^s) = mod I{Cj) holds. This implies that q', ■ (Yn-s+i ~Vj) 
belongs to the ideal I{C.j) for 1 < j < h, and hence, that g^dli^tj qi){Yn-s+i — Vj) 
belongs to the ideal I{Ws+i) C I{Vp(s+i)) for I < j < h. 
Let 

(4.4) t;t+^_|,(F(^+l),y„_,) := ^ q'.v.iHq,) mod q(^+'\p(^+'\Yr.-s). 

l<j<h i^j 

By construction we have that u„_^_|l]^(p(^+^\y„_s) is an element of K[F„_s] of 
degree at most S^+i — 1. Furthermore, our previous argumentation shows that 

(ag(^+i)/ai;,_,+i)(p(^+i), r„_.)i^,_,+i-«l+:|i(p(^+i), i-„-s)=E ■=i'?,'(n.^,%) (x.-.+i- 

Vj) belongs to the ideal I{Vp(s+i)), and hence it represents the parametrization of 
Yn-s+i by the zeros of q^^'^^'^ {P^'^'^^\Yn-s) we are looking for. 

Now we discuss how we can obtain the polynomial w„_j,^j(P^'*+^\ y„_s), which 
parametrizes Yn-s+j by the zeros of q^^^^\P^'^^-^\Yn-s), for 2 < j < s. For this 
purpose, we assume that we are given the polynomials vl^_^^j (p(*+i) , Y„^s,Yn-s+i) 
(2 < j < s) which form the geometric solution of the lifting curve Wp{s+i) . 

Let (9g("+i)/ar„_^+i)-i(P("+i),r„_s) £ K[y„_^] denote the inverse of the 
polynomial {dq^'+^^ /dYn-s+i){P^''+^\Yr,-s) modulo q^'+^\P^'+^\Yn-s), and let 
wi'+^Up(^+'\Y,-s):^{dq^'+'^/dY^^s+i)-\P'^^+'\Yr.^.)vi'^^U^^^^ 
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Observe that Y^s+i - wl^^^lj^{P^'+^\Yn^s) belongs to the ideal /(Vpf.+i)). Our 
intention is to use this parametrization to "clean" the variable Yn-s+i out of the 

polynomials v^^^slj (^^'+" . r„-., r„-.+i). 

For this purpose, we observe that g(")(p(*+i),y„_s, wi'J^s+i(-P'"+^\ i^«-.)) and 

wl^^^lj^iP'-'+^\Yn-s)) (2 < j < s) belong to the ideal I{Vp(s+i)). Furthermore, 
we have that the polynomial {dq^'} 8%,- s+i){P'^'+^\Yn^„wi'%iP<^'+^\ %,.,)) is 
not a zero divisor of K[y„_s]/((7'^''+^^(P'^''+^\ y„_s)), because otherwise the dis- 
criminant p'^'''(p(^+^\y„_s) would have common roots with q^'^'^^^ {P^^'^^\Yn-s), 
contradicting thus condition (iii) of Theorem 13.31 Therefore, its inverse hn-s+i 
modulo (7(''+i) (p(*+^\ Yn-s) is well-defined element of K[y„_s], and the polynomial 

Yn-s+j-hn-s+l-vl'^'lj (P(^+^^ i"„-s, U-i'-^/ii(P(^+^\ l;^-.)) bclougS tO /(^p,. + l, ) 

for 2 < j < s. Therefore, if we let 

(4.5) u;„_,+, :=/i„-.+i • r;t+/|^.(p(^+i), r„_., ^t+^|i(p(^+i), r„,.)) (2 < j < .), 

we see that Yn-s+j — Wn^s+j belongs to /(Vp(3+i)) for 2 < j < s. Multiplying 
Wn-s+j by {dq^^^^^ / dYn- s+i){P^^^^\Yn- s) for 2 < j < s, and reducing modulo 
g(s+i)(p(s+i)^y„_^)^ we obtain the polynomials wi'X+j ^ ^[Yn-s] (2 < j < s) we 
are looking for. 

In our next result we exhibit an algorithm computing the polynomials 

qis+i)^pis+i) ^Yr,-s),vl^^ll^{P^'+^\Yr,.s) & K[y„_,] (1 < J < s), which form a 
geometric solution of Vp(s+i). 

Proposition 4.5. There exists a probabilistic Turing machine M which has as 
input 

• a straight-line program using space S and time T which represents the 
polynomial Ps+i; 

• the polynomials q'^'\P^'+^\Yr,-s,Y,,^s+i) andv';^\^^{p('+^\Yr,-s.Yr,-s+i) 
(2 < j < s), which form the geometric solution of the lifting curve Wpu+i) 
computed in Proposition \4-. °^ 

and outputs a geometric solution of the lifting fiber Vp(s+i) . The Turing ma- 
chine M runs in space O [{S + n + d)d^ \og{q6)) and time O [{T + n)U (S) {U {d6) + 
log{qS))U{log{qS))) , and outputs the right result with probability at least 1 — l/60n. 

Proof. Let E^ be the polynomial of the statement of Lemma E3I and let Eg be the 
polynomial introduced at the beginning of this section. Recall that deg Es < 46^ 
and degi^s < (5"* hold. Let Ai,A2 two distinct values of K randomly chosen and 
let £\. := Yn-s + XiYn-s+i {i = 1,2). Applying Theorem 12.21 we conclude that 
Es{Xi)Es{X2)Es{X2) ^ holds with probability at least 1 — l/72n^. Suppose 
that this is the case. Then, applying the algorithm underlying Proposition 14.41 
we conclude that the minimal equations q^''+^'> {P^'+'^\Yn-s), q'^'+'^HP'^''+'^\ CxJ 
{i — 1,2) satisfied by Yn-s,jCx^ {i = 1,2) in K[Vp(s+i)] can be computed by a 
probabilistic Turing machine which runs in space 0((iS + d)S'^\og{qS)) and time 
0[{T + n)U{dSs)U{Ss)l^{\og{q5))) , with probabihty of success at least 1 — l/15n^. 
Next we compute the irreducible factorization q^''^^\P'^^~^^\Yn-s) = gi • • -q/i of 
^is+i)(^pis+i)^Y,,_s) in K[Yn-s]. From |Sni Corollary 14.30] we conclude that such 
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factorization can be computed with space 0{S-^^i\og{q6j) and time 0(log(n)(Z^(4+i) 
+U{6s+i)log{qS))h{{log{qS))), with probabihty of sucess at least 1 — l/16n^. 

Then we compute the polynomials vi, . . . ,Vh of (|4.3(l and the polynomial v„_s+i 
of (|Ojl . using the EEA (see e.g. 01, (SSI)- According to [SH Corollary 11.16], 
this step can be done deterministically using space 0{6sSs+i^og{q5)) and time 
0(Ss+iU{Ss)U{\og{qS))) . Finally, we compute the polynomials hn^s+i and Wn^s+j 

(2 < j < s) of (gSJ, and the polynomials v\'^ll^(P'^'+'^\Yn-s) for 2 < j < s, with 
the same asymptotic complexity estimates. Adding the complexity and probability 
estimates of each step, we easily deduce the statement of the proposition. D 

The algorithm underlying Proposition 14. 51 extends to the positive characteristic 
case the algorithms of [23 and [22| , having a better asymptotic complexity estimate 
(in terms of the number of arithmetic operations performed) than j27) . and a similar 
complexity estimate as J2S1- We also contribute to the latter by providing estimates 
on the probability of success of the algorithm, which are not present in |2S| ■ Finally, 
let us also remark that by means of our preprocessing we have significantly simplified 
both the algorithms of 23 and |23| . 

4.4. A K— definable geometric solution of V . Now we have all the ingredients 
necessary to describe our algorithm computing the K-definable geometric solution 
of our input variety V := Vr- We recall that K is a field extension of F^ of cardinality 
greater than QQn^d5'^. Let (A, 7, P) be a point randomly chosen in the set K" x K" x 
\(n-r xheorcm 12 . 21 shows that i?(A, 7, P) does not vanish with probability at least 
14/15, where B is the polynomial defined at the beginning of Section^] Assume that 
we have chosen such a point and let (Yi, . . . , Yn) := AA' + 7 and P := (pi, . . . ,pn^r)- 
Then Yi, . . . , y„ and P'-*' :— (pi, . . . ,Pn~s) satisfy the conditions of Theorem 13.31 
for 1 < s < r — 1. 

Therefore, we may recursively apply, for 1 < s < r — 1, the algorithms underlying 
Propositions 14.21 and 14.51 which compute a geometric solution of the lifting curve 
Wp(s+i) and of the lifting fiber Vp(s+i) respectively. In this way, at the end of the 
(r — l)-th recursive step we obtain a geometric solution of the lifting fiber Vp(r) . 
Taking into account the complexity and probability estimates of Propositions 14.21 
and 14. 51 we easily deduce the following result: 

Theorem 4.6. There exists a probabilistic Turing machine M, which takes as 
input a straight-line program which represents the input polynomials Fi,...,Fr 
with space S and time T, and outputs a geometric solution of the lifting fiber Vp(r) . 
The Turing machine M runs in space 0(^{S + n + d)5^ log(q(5)) and time Oy{nT + 
n^)U{5){U{d5) +log((7(5))iY(log(q(5))) and outputs the right result with probability at 
least 1 - 1/12. 

The complexity estimate of Theorem 14 . 61 significantlv improves the 0{d'^ ) com- 
plexity estimate of 28 , the 0{d^'^) estimate of [53|, and the estimates of the al- 
gorithms of the so-called Grobner solving. Further, let us remark that, combining 
the algorithm underlying Theorem 14 . 61 wit h techniques of p-adic lifting, as those of 
|23| , for a "lucky" choice of prime number p, one obtains an efhcient probabilistic 
algorithm computing the geometric solution of an equidimensional variety over Q 
given by a reduced regular sequence. 
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An Fq-DEFINABLE LIFTING FIBER OF V 



Let notations and assumptions be as Section 14.41 In this section we obtain 
a geometric solution of an F^ -definable lifting fiber of V. For this purpose, we 
shall homotopically deform the K-definable geometric solution of the lifting fiber 
Vp(r) := TT~^{P^^'), computed in the previous section, into a geometric solution of 
an Fq -definable lifting fiber tt^^(Q) of the linear projection mapping tt : V ^ A"^'' 
determined by suitable linear forms Zi, . . . , Zn-r G Fg[Xi, . . . , X„]. 

Let A be an (n — r + 1) X n matrix of indeterminates. For l<i<n — r+l, 
let A*^*' :— (Ail, ■ ■ • , Ai„) denote its i-th row and let A^-'^'-'*^ denote the i x n 
submatrix of A consisting of the first i rows of A. Let F := (Fi, . . . , F„) be a vector 
of indeterminates, and let Y :— (Yi, . . . , Yn-r+i) '■— AA + F. 

Let B e 1,[A, F, Fi, . . . , y„_r] be the polynomial of Corollary EH and let B' := 
det(Ai) det(A2)-B, where Ai is the n x n matrix which has A^^-""'') as its upper 
(n ~ r) X n submatrix, and the coefficients of the linear forms Y^-r+i, ■ • ■ , ^n in its 
last r rows, and A2 is the nxn matrix having A^^-""'"^-'^-' as its upper {n — r + l)xn 
submatrix, and the coefficients of K„_r+2, ■ ■ ■ ,Yn in its last r — 1 rows. Observe 
that degS' < 2{n - r + 2)nd5l holds. 

Suppose that q > 8n^d6f holds, and let be given a point {v, 77, Q) G F^ " ^ " x 
FJ^-''+i X Fg"-'' such that B'{v,-q,Q) ^ 0. Fheorem O shows that such a point 

{v, rj, Q) can be randomly chosen in the set F^ ^'^ '^ x FJ^^'"+^ x ¥'^^^ with prob- 
ability of success at least 1 — 1/16. 

Let V := y{i,---,n~r+i)^ ^ ._ (^j^^^,_^r]n-r+i), Q := (gi, . . . , g„_r) and Z ■- 
(Zi, . . . , Zn-r+i) '■= vX+rj. The condition det(Ai-A2)(i^) ^ implies that the sets 
of linear forms Zi, . . . , Zn-r-, Yn-r+i, ■ ■ ■ .Yn and Zi,. .. , Z„_r+i, l"„-r+2, ..., 1"„ in- 
duce linear changes of coordinates. Furthermore, from the condition B{v, rj,Q) ^ 
and CoroUarv 13.41 we conclude that the linear projection mapping n : V ^ A""'' 
defined by Zi, . . . , Zn-r is a finite morphism, Q G F"~^ is a lifting point of n and 
Zn-r+i is a primitive element of the lifting fiber Vq :— Tr^^{Q). 

Let (A,7,P) G K"' X K" X K"^*" be the point fixed at the beginning of Section 
|11 which yields the linear forms Y := (Yi, . . . , Yn) :~ \X + 7 and the point P^*"^ G 

^n-r ■y^j.j^g ^ ._ (-^^ ^ . . . , 7„) and P := (pi,^ . . ,Pn-r) _ 

Let T be a new indeterminate, and let A G 1,(T)"^" and F G F,(r)" be the 
matrix and column vector defined in the following way: 

A := (i-r)A +rAi(j/(i-"-'-)), 

F := (1 -r)7* + T(77i,...,77„_r,7„_,.+i,...,7„)*, 

where i/y^'---'^~^> denotes the {n — r) x n matrix consisting of the first n — r rows of 
V and the symbol * denotes transposition. Let A*^^'--'"^'') and r^^'-'"^''^ denote the 
iji—r) X n submatrix of A consisting of the first n—r of A and the (n— r)-dimensional 

vector consisting of the first n — r entries of F respectively. 

— 7 — \^ 
Let W be the subvariety of ¥q{T) defined by the set of common zeros of 

Fi,...,Fr. Let Z :^ (Zi, . . . , Z„) := AA + F and P := (pi, . . . ,p„_,) :- (1 - 
T)P + TQ. Since A is an invertible element of Fq(T)"^", we have that X = 
A-i(Z - F) holds, and hence Fj{T,Z) := Fj(A-'^{Z - F)) is a well-defined el- 
ement of F,(T)[Zi,...,Z„] for 1 < j < r. Observe that the point (A,f,P) G 
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¥q (T) x¥q(T) x¥q (T) does not annihilates the polynomial i? of the statement 
of Corollary 13. 41 Therefore, applying Corollarv l3.4l replacing the field ¥q by ¥q{T), 
we conclude that ¥q{T)[Zi, ..., Z^-r] ^ ¥q{T)[X]/{Fi, ...,Fr) is an integral ring 

^ . . . . . . . . ^ 7 — -n—r 

extension, P is a lifting point of the linear projection mapping ir'^ : W —^ ^q\T) 
defined by Zi, . . . , Z„_r, and Zn-r+i = i^n-r+i is a primitive element of the (zero- 
dimensional) lifting fiber Wp := (7r^)^^(P). 

Let 5g (P, Z„-r+i) G ¥q{T)[Z„-r+i\ denote the minimal equation satis- 

fied by Zn-r+i in ¥q{T)[Wp]. By the K(r)-definability of Wp and Z„-r+i, we 
see that gg {P, Zn-r+i) belongs to K(T)[Z„_,.+i]. Furthermore, our choice of 

P and Zi, . . . , Zn-r+i implies that q^ {P , Zn-r+i) is a separable element of 

K{T)[Zn-r+i] of degree Sr- Let p S K[T] be the product of the denominator of 
q^ (P, Zn-r+i) and the numerator of its discriminant. In order to perforin the 

homotopic deformation mentioned at the beginning of this section, we need the 
following preliminary result: 

Lemma 5.1. Let Ip be the ideal of K[T]p[Yn-r+i, ■ ■ ■ ,%i\ generated by the polyno- 
mials Fi{P, Yn-r+i, • ■ • , Yn), . . . , Fr{P , l^i-r+i, . • . , F„). Then 

(5.1) K[T]p ^ K[T]p%^r+i, ■ ■ ■ XMh 

is an integral ring extension, the polynomials Fj{P,Yn-r+i, ■ ■ ■ ,Yn) (1 < j < r) 
form a regular sequence of K[T]'^[Yn-r+i, ■ ■ • , Yn] and generate a radical ideal Ip 
of K[T]p[r„_r+i, . . . , Yn], and the ring K[r]p[r„_r+i, ■ • • , Yn]/Ip is a free K[T]p- 
module of degree Sr ■ 

Proof. By the remarks above, we see that q^ (P, Z„_r+i) G K[T]p[Z„_,.+i] is 

an integral dependence equation for the coordinate function z„^r+i induced by 
Zn-r+i in the ring extension l|5.1|l . We conclude that K[r]p ^-> K[T]g[z„_r+i] is an 
integral ring extension. 

Let ^1, . . . , ^„ denote the coordinate functions of K[T]p[y,j_r+i, ■ • • , Yn\/Ip in- 
duced by Xi , . . . , Xn ■ Arguing as in eq. (|3.5|) of the proof of Proposition 13.11 we 
conclude that there exists polynomials Pi, . . . ,P„ € K[r]p[Z„_r+i] such that ^k — 
Pkizn-r+i) holds for 1 < A: < n. This shows that K[T]^[zn-r+i] ^ K[r]g[$i, . . . , Cn] 
= K[T]p[y„_r+i, . . . , Yn\/Ip is an integral ring extension and, combined with fact 
that K[T]p ^-^ K[T]p[^n-r+i] is an integral ring extension, proves our first assertion. 

Now we show that Fi{P,Yn-r+i, ■ ■ ■ ,^n), ■ ■• ,Fr{P,Yn-r+i, ■ ■ ■ ,Yn) form a reg- 
ular sequence of K[r]p[y„_r+i, ■ • ■ , ^n] and the ideal Ip is radical. Arguing by 
contradiction, suppose that there exists 1 < j < r such that Fj{P, Y^-r+i, ■ ■ ■ , Yn) 
is a zero divisor modulo Fi{P,Ya-r+i, ■ ■ -^Yn), . . . , Pj_i(P, F„_r+i, • ■ • ,i^n)- By 
specialization in T = we conclude that Fj{P^'^\Yn-r+i, ■ ■ ■ ,Yn) is a zero divi- 
sor modulo Fi{P^''\Yn-r+i, ■■■, Yn), ..., Fj^i{P^''\Yn-r+i, ■■■, Yn) , coutradictiug 
thus Lemma l4. II Furthermore, a similar argument shows that the Jacobian deter- 
minant det (^dFi{P,Yn-r+i, ■ ■ ■ :Yn) / dYn-r+j) i^^ <,. is uot a zero divisor modulo 
Pi(P, Yn-r+i, ■.■,Yn),.. .j,Fr{P, Yn-r+1. ■■■, Y^). Hcucc, from m Theorem 18.15] 
we deduce that the ideal Ip is radical. 
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Our previous assertions imply that K[T]p[Yn-r+i, ■ ■ ■ ,Yn]/Ip is a free K[r]g- 
modulc or rank at most Sr- Since q^ {P, Zn-r+i) is the minimal dependence 

equation satisfied by z'n-r+i hi the extension H5.f|l . we conclude that the rank of 
K[T]p[Yn-r+i, ■ ■ ■ jYjil/Ip as K[T]p is exactly 6r- This finishes the proof of the 
lemma. D 

Let V C A''"*^^ be the affine equidimensional variety defined by the set of common 
zeros of Fi(P, r„_r+i, . . . , 1"„), . . . , Fr{P,Yn-r+i, ■ ■ ■ ,Yn) and let tt : V" -> A^ be 
the mapping induced by the projection onto the coordinate T. Lemma l5 . II implies 
that V has dimension 1 and degree Sr, and 7? is a finite morphism. Furthermore, 
taking into account the equalities V f] {T = 0} = {0} x Vpir) and V Ci {T = 
1} = {1} X Vq, we conclude that T = 0, 1 are lifting points of the morphism tt. 
Therefore, applying a suitable variant of the Newton-Hensel procedure of Section 
14.11 we obtain a geometric solution of the lifting fiber Vq . This is the content of 
our next result: 

Proposition 5.2. Suppose that q > Sn'^dd^ holds. Then there exists a probabilistic 
Turing machine M which has as input 

• a straight-line program using space S and time T which represents the input 
polynomials Fi, . . . ,Fr, 

• the polynomials ^^(pW, r„_,+i), 4'2,+,(P(''), r„-.+i) (2 < j < s), 
which form the geometric solution of the lifting fiber Vp(r) computed in 
Theorem \4.6] 

and outputs polynomials q{Q, Zn-r+i), Vn-s+jiQ, Zn-r+i) (^2 < j < s) which form 
a geometric solution of the lifting fiber Vq . The Turing machine M runs in space 
0[{S + n)S^\og{q6)) and time 0[{nT + n^)U{SryU{\og{q6))) and outputs the right 
result with probability at least 1-1/16. 



Proof. Let {y,ri, Q) be a point randomly chosen in the set Fg ^ x F" ''+^ x 

F""*". Let B' G Fg[A, F, Yi, . . . , F„_r] be the polynomial introduced at the beginning 
of this section. Since degi?' < 2{n—r-\-2)nd5^ holds, from Theorem l2.2l we conclude 
that B'{v, VtQ) ¥^ ^ holds with probability at least 1 — 1/16. 

By the remarks before the statement of the proposition, we see that T = 0,1 
are lifting points of the morphism tt. Then, applying the Newton-Hensel procedure 
of |49| . we see that there exists a computation tree in K computing polynomials 
q{T, Yn-r+i), Vn-r+j{T, Yn-r+i) [2 < j < r) which form a geometric solution of V. 
This computation tree requires 0(^{nT + n^)U{5r)^j operations in K, using at most 
0(^{S + n)S^) arithmetic registers. Specializing these polynomials into T = 1 yields 
polynomials q{l,Yn~r+i), t'n-s+jll, ^-r+i) (2 < j < r), which form a geometric 
solution of the lifting fiber V C] {T = 1} = {1} xVq (and therefore of Vq), using 
Yn-r+i as primitive element. 

Our next purpose is to compute a geometric solution of Vq, using Zn~r+i 
as primitive element. In order to to this, let Wn-r+jii,Yn-r+i) G K[S'] denote 
the remainder of the product (9g/9y„_.r+i)(l, Yn^r+i) ■ Vn-r+j{^, Yn-r+i) modulo 
q{l,Yn^r+i) for 2 < j < r. Observe that Yn-r+j = u'n-r+j{l,Yn-r+i) holds in 

K[Vq] for 2 < j < r. Write Zn-r+l = OL\Zx ^ + an-rZn-r + OLn-r+\Yn-r+l + 

• ■ • + a„y„. Then, it is easy to see that the minimal equation satisfied by the linear 
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form Zn^r+i + TYn-r+1 m WT]®¥q[VQ\ is given by 
(5.2) 

n—r n 

qZr,-^+i+TY„.,+AQ^ ^) = Rcsu(q{l,U),U -"^a^Qj + Un-r+iS +^ ajWj{l,S) 

J — 1 J— n— r+2 

Following e.g. PP or 03] as in the proof of ProDOsition l3.1l we have the congruence 

relation g2„_,,^i+Ty„_,+ i(Q,^n-r+l) = qiQ, Zn-r+i)+{dq/dZn^r+iiQ, Zn_r+i)- 
Vn-r+i{Q, Zn^r+i))T modulo (T^), whcrc q{Q, Zn-r+i) is the minimal equation 

Oi Zn-r+l in K[Vq] and {dq/dZn^r+l){Q, Zn-r+l)Yn-r+l = Vn-r + l{Q,Zn-r + l) 

holds in K[Vq]. 

We compute the right-hand-side term of (|5.2|) . up to order T^, by interpolation 
in the variable 5', reducing thus the computation to 6r resultants of univariate 
polynomials of K[T] of degree at most 1. Using fast algorithms for univariate 
resultants and interpolation over K (see e.g. 0], |SS]), we conclude that the dense 
representation of q{Q, S) and Vn-r+iiQ, S) can be deterministically computed with 
0{5rU{6r)) arithmetic operations over K, using at most 0{S^) arithmetic registers. 

Finally, there remains to compute the polynomials Vn-r+jiQ, Zn-r+i) (2 < j < 
r) which parametrize Yn-r+j by the zeros of terms of q{Q, Zn-r+i), i-e- such that 
{dq/ dZn-r+i){Qj Zn-r+i)Yn-r+i = Vn-r+j{Q , Z^-r+i) holds in K[Vq]. For this 
purpose, we shall compute polynomials Wn-r+jiQiZn-r+i) (1 < j < r) of degree 
at most 5r — ^ such that Yn-r+j = Wn-r+j{Q, Zn-r+l) holds in K[Vq]. From these 
data the polynomials Vn-r+j{Q,Zn-r+i) (2 < j < r) can be easily obtained by 
multiphcation by {dq/ dZn-r+i){Q ^ Zn-r+i) and modular reduction. 

The polynomial Wn-r+iiQ, Zn-r+i) can be computed as the remainder of the 
product {dq/dZn-r+i){Q,Zn-r+i)-Vn-s+iiQ,Zn-r+i) modulo g((3,Z„_r+i) ■ Then, 
taking into account that the identities Yn-r+j = Wn-r+ji^,Yn-r+i) and Yn-r+i = 
Vn-r+i{Zn-r+i) hold in K[Vq] for 2 < J < r, we conclude that the polynomial 
Wn-r+j{Q, Zn-r+i) cquals the remainder of Wn-r+j{^,Vn-r+iiZn-r+i)) modulo 
q{Q, Zn-r+i) for 2 < j < r. Therefore, the polynomials Wn-r+jiQ, Zn-r+i) 
{2 < j < r) can be computed with 0{5rlA{5r)) arithmetic operations in K, us- 
ing at most 0{5^) arithmetic registers. 

Putting together the complexity and probability of success of each step of the 
procedure above finishes the proof of the proposition. D 

6. The computation of a rational point of V 

In this section we exhibit a probabilistic algorithm which computes a rational 
point of the variety V := Vr- For this purpose, let K be the finite field extension 
of Fg introduced in Section 0] and assume that we are given Fg-independent linear 
forms Zi,...,Zn-r+i,Yn-r+2,---,Yn G ^X], with Zi,..., Zn-r+l G Fg [X] and 
Yn-r+2, ■ ■ ■ ,Yn G K[X], and a point Q := (Qi, . . . , Qn-r) G Fg"^*", such that the 
linear projection mapping n : V —> A""'' determined by Zi, . . . , Zn-r+i is a finite 
morphism and Q is a lifting point of tt. Furthermore, assume that we are given 

polynomials q{Q,Zn-r+l) e ¥q[Zn-r+l], Vn-r+jiQ, Zn-r+l) € K[Z„_r+i] (2 < j < 

r) which form a geometric solution of the lifting fiber Vq , as provided by Proposition 

Let oj := (wi, . . . ,uJn-r) be an arbitrary point of A""'', let Lui C A" be the (r+l)- 
dimensional affine linear variety parametrized by Zj = ujjT + Qj (1 < j < n — r), 
Zn-r+l — Zn-r+l and Yn-r+j — Yn-r+j (2 < j < r) , and let Cui :— V n L^. We 
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may consider d^ as the affine subvariety of A'"+^ defined by the set of common 
zeros of the polynomials Fj{loT + Q, Zn-r+l,Yn-r+2^ • ■ • , Yn) (1 < j < r). With 
this interpretation, let Tr^^ : y — > A^ be the projection mapping induced by T. We 
have the following result: 

Lemma 6.1. C^j is an equidimensional variety 0/ A''+^ of dimension 1 and degree 
5r, TTi^ is a finite morphism and is an unramified value ofir^. 

Proof. Lemma 13.51 shows that the projection mapping n : V —* A"^'"+^ defined 
by Zi, . . . , Zn-r+i induces an isomorphism between a Zariski-dense open subset 
V \V of V and a Zariski-dense open subset M^ \ M^ of the hypersurface W of 
^n-r+i defined by q{Zi, . . . , Zn-r+i)- Let L^ C A"^''+^ be the afRne linear variety 
parametrized by Zj = ujjT + Qj {I < j < n — r) and Zn-r+i = Zn-r+i- Then we 
have that 7r|i^ : V n L^ — > L(^ maps C^^ = V Ci L^^ into the hypersurface W C] L^ of 
La; defined by the polynomial h{T, Zn-r+i) '■— q{(^T + Q, Zn-r+i)- This shows that 
7r(Ci^) is an equidimensional variety of dimension 1. Furthermore, ttIl^ maps V into 
WCiL^ = V{dh/dZn-r+i)- Taking into account that h{0, Zn-r+i) = q{Q, Zn-r+i) 
is squarefree, we easily conclude that W CiW CiL^ is a zero-dimensional variety of 
i(^. This shows that {W \ W) fl L^ is a Zariski-dense open subset oi W (1 L^^ and 
hence equidimensional of dimension 1. Therefore the Zariski-dense open subset 
{V \V) n L^ =TT~^ {{W \ W) n L(^) of C^ is equidimensional of dimension 1, which 
implies that C^ is equidimensional of dimension 1 . 

The fact that the injective mapping Fq[Zi, . . . , Z„_,.] ^^ ^q\y] induces an integral 
ring extension implies that Fg[T] ^-> Fg[C(j] is an injective mapping which induces 
an integral extension ring, showing thus that tTj^ is a finite morphism. From the 
Bezout inequality H2.1|l . we see that degC^^ < 5r holds. On the other hand, since 
"'w'^lO) = ^Q holds, we have 5r — degVg < degCo,. We conclude that degCi^ = 5r 
holds and is an unramified value of tt^^ . D 

Let oj E F"^*". Arguing as in the proof of Lemma 14.11 we easily conclude 

that Fi{luT + Q, Zn-r+l,Yn^r+2, ■ ■ ■ ,Yn), . . . , Fr{ujT + Q , Zn-r+l,Yn-r+2, ■ ■ ■ ,Yn) 

form a regular sequence of ¥q[T, Zn~r+i,Yn-r+2, ■ ■ ■ ,Yn] and generate a radical 
ideal of ¥q[T, Zn-r+i,Yn-r+2, ■ ■ ■ lYn]. Therefore, applying the algorithm under- 
lying Proposition 14.21 we obtain elements q{ujT + Q,Zn-r+i) G Fg[r, Z„_r+i], 
Vn-r+ji^T + Q, Zn^r+i) G K[T, Z^^r+i] (2 < J < ?"), which define a geometric 
solution of the curve C^^ . 

Our intention is to find a rational point of the curve C(^. For this purpose, we 
are going to find a rational point of the plane curve W^ defined by the polynomial 
h := q{ujT+Q, Zn-r+i), which does not belong to the plane curve W^ defined by the 
polynomial dh/dZn-r+i- Let tTc^ : Cc^ — > A~ be the mapping defined by T, Zn-r+i- 
From Lemma 13.51 we deduce that tt^ induces a birational mapping tTc^ : C^^ — > W^;, 
whose inverse is an F^ -definable rational mapping defined on W^ \ W^ , which can be 
easily expressed in terms of the polynomials Vn-r+j{'^T + Q, Zn-r+i) (2 < j < r). 
Therefore, using this inverse we shall be able to obtain a rational point of our 
input variety V . Unfortunately, the existence of a rational point of the plane curve 
W^ cannot be asserted if W^i does not have at least one absolutely irreducible 
component defined over ¥q. 

In order to assure that this condition holds, let C G ¥q[Qi, . . . ,^n~r] be the 
(nonzero) polynomial of the statement of Theorem 13.61 Recall that C has degree 
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bounded by 2Sf. Then Theorem El shows that, for any uj e ¥;/-'' with C(w) ^ 0, 
the curve Wuj is absolutely irreducible. 

Assume as in Section |21 that q > Sn^dS^ holds. Theorem 12.21 shows that a 
random choice of lu in F""'' satisfies the condition C{u!) ^ with probability at 
least 1 — 1/72. Then the (deterministic) algorithm underlying Proposition l4.2l vields 
a geometric solution of the curve C^^. We summarize the above considerations in 
the following result: 

Proposition 6.2. Let q > Sri^dS*. There exists a probabilistic Turing machine M 
which has as input 

• a straight-line program using space S and time T which represents the 
polynomials Fi, . . . , Fr, 

• the dense representation of elements of K[Zn-r+i] which form a geometric 
solution of the lifting fiber Vq, as provided by Provosition \,5.Sl 

and outputs the dense representation of elements q{u>T+Q, Z„_,.+i) G Fq[T,Z„_,.+i], 
Vn-r+j{^T + Q, Zn-r+i) & ^[T, Zn-r+i] {'^ 1i^ j < f) , which form a geometric so- 
lution of the absolutely irreducible ¥q-curve Cuj- The Turing machine M runs in 
space 0((5 + n)(5^1og((7^)) and time 0[{nT + n^)h{{S)^h{{\og{qS))) and outputs the 
right result with probability at least 1 — 1/72. 

6.1. Computing a rational point of a plane curve. In this subsection we 
exhibit a probabilistic algorithm which computes a rational point of the curve 
C^ CV previously defined. 

Let h :— q{ujT+Q, Zn-r+i)- Recall that h is an absolutely irreducible polynomial 
of ¥q[T, Zn-r+i] of dcgrcc Sr > 0. Let as in the previous section Wui,Wuj C A^ 
denote the plane curves defined by h and dh/dZn-r+i respectively. As remarked 
in the previous section, our aim is to compute a point in the set {W^ \ W^) n F^^, 
from which we shall immediately obtain a rational of point V . 

The classical Weil's estimate on the number of rational points of an absolutely 
irreducible projective plane curve |58| implies that the set of rational points of W^^ 
satisfies the estimate (see e.g. |47|'): 

mw^ n ¥^) ~-q\< {Sr - l)iSr - 2)gi/2 + Sr + 1< Sy/^ 

In particular, we deduce the lower bound #(W^ fl F^) > q — S^q^^^- 

On the other hand, by the absolute irreducibity of h we conclude that h has no 
nontrivial common factor with dh/dZn-r+i, which implies that W^ nW^j is a zero- 
dimensional variety. By the Bczout inequality we have deg(W^ fl Wui) < Sr{Sr~i), 
which implies #(Wi^ H W^^ fl F^^) < 6r{Sr — !)• Combining this upper bound with 
our previous lower bound, we conclude that the following estimate holds: 

(6.1) #{{W^ \ W^) n F<f ) > q - q^'Hl - 51 

Assume that q > 8n^d6f. holds. Then it is easy to see that the right-hand side of 
(|6.1(l is a strictly positive real number, which implies that there exists at least one 
rational point of W^^ \ Wi^ . 

Our purpose is to find a value a £ ¥q for which there exists a rational point 
{W^ \ W^) n ¥q of the form (o, z„„r+i)- In order to find such value a, we observe 
that for any a G F^ there exists at most Sr points {t, Zn-r+i) G W^^ \ W^i with t — a. 
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Combining this observation with H6.1|l . we conclude that the following estimate 
holds: 

a - 0^/2^2 _ X2 



#{a e F, : (W^ \ W^) n {T = a} n F,^ ^ 0} 



> 



Sr 

From this we immediately deduce the following lower bound on the probability of 
finding at random a value a for which there exists a rational point with t ^ a: 

(6.2) Prob(^a G F, : {W^ \ W^) n {T - a} n F<f ^ 0) > "^ ~ '^^ ^^l - ^l _ 

Let q > 8n^d6^. Then the probability estimate Ht).2|l implies that, after at most 6r 
random choices, we shall find a value a €¥q for which there exists a rational point 
of Wuj \ Wuj of the form (a, Zn-r+i) with probabihty at least 1 — 2q~^^'^Sf > 1 — 1/6. 
Having this value a e F,, applying e.g. (55| Corollary 14.16] we see that the 
computation of the value Zn-r+i S % can be reduced to gcd computations and 
factorization in Fq[Z„_,.+i]- Our next result describes the algorithm we have just 
outlined. 

Proposition 6.3. Letq > Srr^dSf. Then there exists a probabilistic Turing machine 
M which has as input a geometric solution of the plane curve C^, as provided by 
Proposition I6'.M and outputs a rational point of C^^ . The Turing machine M runs 
in space 0((5r log(7log((7(5)) and time O (^nSrU {Sr) ^og qU {log{q6))) , and outputs the 
right results with probability at least 1 — 25/144. 

Proof For a e F,, let /i* := gcd (/i(a, Z„_r+i), ^'_^+i - ^n-r+i) e FjZ„_^+i]. 
From 55, Corollary 11.16] we have that the computation of ft,* can be performed 
with 0(jJ{6r)\ogq) operations in ¥q, storing 0{Srlogq) elements of ¥q. Further- 
more, deciding whether h{a, Zn-r+i) is a squarefree polynomial requires 0{U{Sr)) 
operations in F^, storing 0(6,.) elements of F^. From the probability estimate (|6.2|) 
we see that, after at most Sr random choices, with probability at least 1 — 1/6 we 
shall find a value a G F^ such that h(a, Z„_r+i) is squarefree and /i* is a nonconstant 
polynomial of Fq[Z„_r+i]- Therefore, computing such a G Fg and the polynomial 
/i* requires at most 0[6rU{5r)^ogq) operations in Fg, storing 0{Sriogq) elements 
ofFg. 

Observe that ft* factors into linear factors in Fq[Z„_r+i]- Therefore, apply- 
ing 55, Theorem 14.9] we see that the factorization of ft* in Fq[Z„_r_|_i] requires 
0{h({Sr) log q) operations in F^, storing at most 0(5,. log g), and outputs the right 
result with probability at most 1 — 1/144. Any root 6 G Fg of ft* yields a rational 
point (a, b) G F^^ of Wu,\W^. 

Specializing the parametrizations of Yn^r+j (2 < j < r) by the zeros of q{ujT + 
Q, Zn-r+i) into the values T = a and Zn-r+i = b, we obtain a rational point of 
Ccj (observe that our choice of a assures that such specializations are well-defined) . 
This completes the proof of the proposition. D 

Now we can describe the whole algorithm computing a rational point of the 
input variety V := Vr- First, we execute the algorithm underlying Theorem 14. 61 in 
order to obtain a geometric solution of the lifting fiber Vp(r) . Then we obtain a 
geometric solution of the Hfting fiber Vq, and the absolutely irreducible F^ -curve Cu,, 
applying the algorithms underlying ProDOsitions l5 . 2l and l6 . 2l Finally, the algorithm 
of Proposition 16.81 outputs a rational point of C^^^ C V. We summarize the result 
obtained in the following corollary: 
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Corollary 6.4. Let q > 8n^d6^. Then there exists a probabilistic Turing ma- 
chine M , which takes as input a straight-line program using space S and time 
T which represents the input polynomials -Fi, . . . ,Fr, and outputs the coordinates 
of a rational point of the variety V :— Vr- The Turing machine M runs in space 
0{{S + n + d)5\ogq{5 + \og{q5))) and time 0{{nT + n^)U{5)U{d5) log qU{\og{q5))) , 
and outputs the right result with probability at least 2/3 > 1/2. 

Let us remark that our algorithm can be easily extended to the case of an equidi- 
mensional Fg -variety V (given by a reduced regular sequence), which has an ab- 
solutely irreducible component defined over Fg. Indeed, the algorithm of Theorem 
14.61 mav be applied in this case, because it only requires the variety V to be equidi- 
mcnsional and given by a reduced regular sequence. With a similar argument as 
in Theorem 13.61 and Proposition 16. 21 we obtain a geometric solution of an Fg-curve 
C, contained in V , with at least one absolutely irreducible component defined over 
Fq. Then, using fast algorithms for bivariate factorization and absolute irreducibil- 
ity testing (see e.g. I3D|), we compute such absolutely irreducible component, to 
which we apply the algorithm underlying Proposition 16.31 Under the assumption 
that q > Sn'^dS^ holds, the asymptotic complexity and probability estimates of our 
algorithm in this case are the same as in Corollarv l6.4l 
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